ACM Letters on Programming Languages and Systems (LOPLAS)
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From system F to typed assembly language
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A dependently typed assembly language
Proceedings of the sixth ACM SIGPLAN international conference on Functional programming
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
Secure Information Flow via Linear Continuations
Higher-Order and Symbolic Computation
ESOP '00 Proceedings of the 9th European Symposium on Programming Languages and Systems
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
A Language-Based Approach to Security
Informatics - 10 Years Back. 10 Years Ahead.
Eliminating Covert Flows with Minimum Typings
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Probabilistic Noninterference in a Concurrent Language
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Stack-based typed assembly language
Journal of Functional Programming
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
On the Limits of Information Flow Techniques for Malware Analysis and Containment
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
A certified lightweight non-interference java bytecode verifier
ESOP'07 Proceedings of the 16th European conference on Programming
More typed assembly languages for confidentiality
APLAS'07 Proceedings of the 5th Asian conference on Programming languages and systems
Type-preserving compilation of end-to-end verification of security enforcement
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Dynamic information flow control architecture for web applications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Hi-index | 0.00 |
Language-based information-flow analysis is promising in protecting data confidentiality. Although much work has been carried out in this area, relatively little has been done for assembly code. Source-level techniques do not easily generalize Techniques at a source level do not generalize straightforwardly to assembly code, because assembly code does not readily present certain abstraction about the program structure that is crucial to information-flow analysis. Nonetheless, low-level information-flow analysis is desirable, because it yields a small trusted computing base. Furthermore, many (untrusted) applications are distributed in native code; their verification should not be overlooked. We present a simple yet effective solution for this problem. Our observation is that the missing abstraction in assembly code can be restored using annotations. Following the philosophy of certifying compilation, these annotations are generated by a compiler, used for static validation, and erased before execution. In particular, we propose a type system for low-level information-flow analysis. Our system is compatible with Typed Assembly Language, and models key features including a call stack, memory tuples and first-class code pointers. A noninterference theorem articulates that well-typed programs respect confidentiality. We also present a security-type preserving translation that targets our system, together with its soundness theorem. This illustrates the application of certifying compilation for noninterference.