The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Secure Information Flow by Self-Composition
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Secure slices of insecure programs
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Confidentiality enforcement using dynamic information flow analyses
Confidentiality enforcement using dynamic information flow analyses
Preventing Information Leaks through Shadow Executions
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Tight Enforcement of Information-Release Policies for Dynamic Languages
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Securing Timeout Instructions in Web Applications
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Tracking information flow in dynamic tree structures
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Isolating JavaScript with filters, rewriting, and wrappers
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Permissive dynamic information flow analysis
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Information Flow Monitor Inlining
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Noninterference through Secure Multi-execution
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Object Capabilities and Isolation of Untrusted Web Applications
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
AdJail: practical enforcement of confidentiality and integrity policies on web advertisements
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Automated Analysis of Security-Critical JavaScript APIs
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
The eval that men do: A large-scale study of the use of eval in javascript applications
Proceedings of the 25th European conference on Object-oriented programming
Multiple facets for dynamic information flow
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Capabilities for information flow
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
From dynamic to static and back: riding the roller coaster of information-flow control research
PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Secure multi-execution in haskell
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
FlowFox: a web browser with flexible and precise information flow control
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
Secure multi-execution (SME) is a dynamic technique to ensure secure information flow. In a nutshell, SME enforces security by running one execution of the program per security level, and by reinterpreting input/output operations w.r.t. their associated security level. SME is sound, in the sense that the execution of a program under SME is non-interfering, and precise, in the sense that for programs that are non-interfering in the usual sense, the semantics of a program under SME coincides with its standard semantics. A further virtue of SME is that its core idea is language-independent; it can be applied to a broad range of languages. A downside of SME is the fact that existing implementation techniques require modifications to the runtime environment, e.g. the browser for Web applications. In this article, we develop an alternative approach where the effect of SME is achieved through program transformation, without modifications to the runtime, thus supporting server-side deployment on the web. We show on an exemplary language with input/output and dynamic code evaluation (modeled after JavaScript's eval) that our transformation is sound and precise. The crux of the proof is a simulation between the execution of the transformed program and the SME execution of the original program. This proof has been machine-checked using the Agda proof assistant. We also report on prototype implementations for a small fragment of Python and a substantial subset of JavaScript.