Abstract types have existential type
ACM Transactions on Programming Languages and Systems (TOPLAS)
Unique Binary-Search-Tree Representations and Equality Testing of Sets and Sequences
SIAM Journal on Computing
Oblivious data structures: applications to cryptography
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
A lattice model of secure information flow
Communications of the ACM
Anti-presistence: history independent data structures
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Space Efficient Hash Tables with Worst Case Constant Access Time
STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
Simple relational correctness proofs for static analyses and program transformations
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Language-Based Information Erasure
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
A logic for information flow in object-oriented programs
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Strongly History-Independent Hashing with Applications
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
End-to-End Enforcement of Erasure and Declassification
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Uniquely represented data structures with applications to privacy
Uniquely represented data structures with applications to privacy
Declassification: Dimensions and principles
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Just forget it: the semantics and enforcement of information erasure
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Tracking information flow in dynamic tree structures
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A certified framework for compiling and executing garbage-collected languages
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Secure distributed programming with value-dependent types
Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Proofs for free: Parametricity for dependent types
Journal of Functional Programming
Information-Flow Security for a Core of JavaScript
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
A Computational Interpretation of Parametricity
LICS '12 Proceedings of the 2012 27th Annual IEEE/ACM Symposium on Logic in Computer Science
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Probabilistic relational verification for cryptographic implementations
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
| Hi-index | 0.00 |
We consider verification of information flow and erasure properties in programs with heterogeneous heap-based data structures, in the presence of procedures with local state. A heterogeneous data structure, such as a hash table implementing a medical record database, may store both secret and public data simultaneously. In contrast, extant work primarily focuses on homogeneous data structures which store data of a uniform security level. Heterogeneity, however, does not come for free. For example, standard implementations of hash tables do not support heterogeneity, and may leak sensitive information easily owing to hash collisions. In this paper we identify unique representation as a sufficient condition for a heterogeneous data structure to be leak-free, while simultaneously supporting abstraction and modularity in verification. As a case study, we implement and verify a novel uniquely-represented variant of heterogeneous hash tables. Furthermore, we demonstrate modular reasoning by showing how specifications of the hash table methods can be used in a client application; we thereby obtain abstract and concise formal proofs of erasure. We formalize our work in Relational Hoare Type Theory (RHTT), an expressive, higher-order imperative language and program logic embedded in the Coq proof assistant.