Information-flow and data-flow analysis of while-programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Oracle-based checking of untrusted software
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Foundational Proof-Carrying Code
LICS '01 Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science
Foundational proof checkers with small witnesses
Proceedings of the 5th ACM SIGPLAN international conference on Principles and practice of declaritive programming
Simple relational correctness proofs for static analyses and program transformations
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Enforcing security and safety models with an information flow analysis tool
Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
Formal certification of a compiler back-end or: programming a compiler with a proof assistant
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 13th ACM conference on Computer and communications security
Proof-carrying code from certified abstract interpretation and fixpoint compression
Theoretical Computer Science - Applied semantics
Secure information flow and program logics
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
The MOBIUS Proof Carrying Code Infrastructure
Formal Methods for Components and Objects
A certified lightweight non-interference java bytecode verifier
ESOP'07 Proceedings of the 16th European conference on Programming
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Privacy-sensitive information flow with JML
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
A theorem proving approach to analysis of secure information flow
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Secure information flow as a safety problem
SAS'05 Proceedings of the 12th international conference on Static Analysis
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
A modular integration of SAT/SMT solvers to coq through proof witnesses
CPP'11 Proceedings of the First international conference on Certified Programs and Proofs
Hi-index | 0.00 |
In previous work, we have proposed a compositional framework for stating and automatically verifying complex conditional information flow policies using a relational Hoare logic. The framework allows developers and verifiers to work directly with the source code using source-level code contracts. In this work, we extend that approach so that the algorithm for verifying code compliance to an information flow contract emits formal certificates of correctness that are checked in the Coq proof assistant. This framework is implemented in the context of SPARK - a subset of Ada that has been used in a number of industrial contexts for implementing certified safety and security critical systems.