The essence of compiling with continuations
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
ACM Transactions on Programming Languages and Systems (TOPLAS)
Alloy: a lightweight object modelling notation
ACM Transactions on Software Engineering and Methodology (TOSEM)
Capability-Based Computer Systems
Capability-Based Computer Systems
Journal of Functional Programming
Interactive Theorem Proving and Program Development
Interactive Theorem Proving and Program Development
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Implementation and use of the PLT scheme Web server
Higher-Order and Symbolic Computation
Verified enforcement of stateful information release policies
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Refinement Types for Secure Implementations
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Fable: A Language for Enforcing User-defined Security Policies
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Proceedings of the 3rd workshop on Programming languages meets program verification
Effective interactive proofs for higher-order imperative programs
Proceedings of the 14th ACM SIGPLAN international conference on Functional programming
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Type-preserving compilation of end-to-end verification of security enforcement
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Security-typed programming within dependently typed programming
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Refinement types for secure implementations
ACM Transactions on Programming Languages and Systems (TOPLAS)
Verifying stateful programs with substructural state and hoare types
Proceedings of the 5th ACM workshop on Programming languages meets program verification
AuraConf: a unified approach to authorization and confidentiality
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Typechecking higher-order security libraries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Type-based access control in data-centric systems
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Cryptographic verification by typing for a sample protocol implementation
Foundations of security analysis and design VI
Maintaining database integrity with refinement types
Proceedings of the 25th European conference on Object-oriented programming
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
A theory of substructural types and control
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Nested refinements: a logic for duck typing
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Self-certification: bootstrapping certified typecheckers in F* with Coq
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proof-Carrying code in a session-typed process calculus
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Automatically verifying typing constraints for a data processing language
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Keeping information safe from social networking apps
Proceedings of the 2012 ACM workshop on Workshop on online social networks
Practical information flow for legacy web applications
Proceedings of the 8th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Journal of Computer Security - Foundational Aspects of Security
| Hi-index | 0.00 |
Proving software free of security bugs is hard. Languages that ensure that programs correctly enforce their security policies would help, but, to date, no security-typed language has the ability to verify the enforcement of the kinds of policies used in practice—dynamic, stateful policies which address a range of concerns including forms of access control and information flow tracking. This paper presents Fine, a new source-level security-typed language that, through the use of a simple module system and dependent, refinement, and affine types, checks the enforcement of dynamic security policies applied to real software. Fine is proven sound. A prototype implementation of the compiler and several example programs are available from http://research.microsoft.com/fine.