Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
The formal semantics of programming languages: an introduction
The formal semantics of programming languages: an introduction
Catching bugs in the web of program invariants
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Fast and accurate flow-insensitive points-to analysis
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Partial online cycle elimination in inclusion constraint graphs
PLDI '98 Proceedings of the ACM SIGPLAN 1998 conference on Programming language design and implementation
Advanced compiler design and implementation
Advanced compiler design and implementation
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Improved approximation algorithms for the vertex cover problem in graphs and hypergraphs
SODA '00 Proceedings of the eleventh annual ACM-SIAM symposium on Discrete algorithms
Tractable constraints in finite semilattices
Science of Computer Programming
A sound type system for secure flow analysis
Journal of Computer Security
A slicing-based approach for locating type errors
ACM Transactions on Software Engineering and Methodology (TOSEM)
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
CCured: type-safe retrofitting of legacy software
ACM Transactions on Programming Languages and Systems (TOPLAS)
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Applying flow-sensitive CQUAL to verify MINIX authorization check placement
Proceedings of the 2006 workshop on Programming languages and analysis for security
Type inference and informative error reporting for secure information flow
Proceedings of the 44th annual Southeast regional conference
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Enumerating disjunctions and conjunctions of paths and cuts in reliability theory
Discrete Applied Mathematics
Secure virtual architecture: a safe execution environment for commodity operating systems
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
From trusted to secure: building and executing applications that enforce system security
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Civitas: Toward a Secure Voting System
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Effective blame for information-flow violations
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Towards fully automatic placement of security sanitizers and declassifiers
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using security policies to automate placement of network intrusion prevention
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Hi-index | 0.00 |
We present a framework that automatically produces suggestions to resolve type errors in security-typed programs, enabling legacy code to be retrofit with comprehensive security policy mediation. Resolving such type errors requires selecting a placement of mediation statements that implement runtime security decisions, such as declassifiers and authorization checks. Manually placing mediation statements in legacy code can be difficult, as there may be several, interacting type errors. In this paper, we solve this problem by constructing a graph that has the property that a vertex cut is equivalent to the points at which mediation statements can be inserted to allow the program to satisfy the type system. We build a framework that produces suggestions that are minimum cuts of this graph, and the framework can be customized to find suggestions that satisfy programmer requirements. Our framework implementation for Java programs computes suggestions for 20,000 line programs in less than 100 seconds, reduces the number of locations a programmer must consider by 90%, and selects suggestions similar to those proposed by expert programmers 80% of the time.