Separating binding times in language specifications
FPCA '89 Proceedings of the fourth international conference on Functional programming languages and computer architecture
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Predicative programming Part I
Communications of the ACM
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Formal Methods and Automated Tool for Timing-Channel Identification in TCB Source Code
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Compile-Time Detection of Information Flow in Sequential Programs
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Program Specialization via Program Slicing
Selected Papers from the Internaltional Seminar on Partial Evaluation
A Semantic Approach to Secure Information Flow
MPC '98 Proceedings of the Mathematics of Program Construction
Eliminating Covert Flows with Minimum Typings
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Probabilistic Noninterference in a Concurrent Language
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Untrusted hosts and confidentiality: secure program partitioning
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
A uniform type structure for secure information flow
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Transactions on Computer Systems (TOCS)
Noninterference for concurrent programs and thread systems
Theoretical Computer Science
Secure Information Flow via Linear Continuations
Higher-Order and Symbolic Computation
Secure Information Flow and CPS
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
The Impact of Synchronisation on Secure Information Flow in Concurrent Programs
PSI '02 Revised Papers from the 4th International Andrei Ershov Memorial Conference on Perspectives of System Informatics: Akademgorodok, Novosibirsk, Russia
Securing Communication in a Concurrent Language
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
AEGIS: architecture for tamper-evident and tamper-resistant processing
ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A Generic Approach to the Security of Multi-Threaded Programs
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Statically assuring secrecy for dynamic concurrent processes
Proceedings of the 5th ACM SIGPLAN international conference on Principles and practice of declaritive programming
A unifying approach to the security of distributed and multi-threaded programs
Journal of Computer Security - Special issue on CSFW14
Embedding role-based access control model in object-oriented systems to protect privacy
Journal of Systems and Software
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
Providing flexible access control to an information flow control model
Journal of Systems and Software
Noninterference through flow analysis
Journal of Functional Programming
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions
Proceedings of the 32nd annual international symposium on Computer Architecture
Decidability and proof systems for language-based noninterference relations
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing robust declassification and qualified robustness
Journal of Computer Security - Special issue on CSFW17
Improved typings for probabilistic noninterference in a multi-threaded language
Journal of Computer Security
A domain-specific programming language for secure multiparty computation
Proceedings of the 2007 workshop on Programming languages and analysis for security
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Run-time principals in information-flow type systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
State-oriented Noninterference for CCS
Electronic Notes in Theoretical Computer Science (ENTCS)
An information-theoretic model for adaptive side-channel attacks
Proceedings of the 14th ACM conference on Computer and communications security
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
On the computational soundness of cryptographically masked flows
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Compositional information flow security for concurrent programs
Journal of Computer Security
Secure information flow for a concurrent language with scheduling
Journal of Computer Security - Formal Methods in Security Engineering Workshop (FMSE 04)
Information flow security of multi-threaded distributed programs
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Securing nonintrusive web encryption through information flow
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Quantifying Timing Leaks and Cost Optimisation
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Securing Statically-verified Communications Protocols Against Timing Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Timing Aware Information Flow Security for a JavaCard-like Bytecode
Electronic Notes in Theoretical Computer Science (ENTCS)
Filling Out the Gaps: A Padding Algorithm for Transforming Out Timing Leaks
Electronic Notes in Theoretical Computer Science (ENTCS)
Preventing Timing Leaks Through Transactional Branching Instructions
Electronic Notes in Theoretical Computer Science (ENTCS)
Closing internal timing channels by transformation
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
More typed assembly languages for confidentiality
APLAS'07 Proceedings of the 5th Asian conference on Programming languages and systems
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Security of multithreaded programs by compilation
ACM Transactions on Information and System Security (TISSEC)
Predictive black-box mitigation of timing channels
Proceedings of the 17th ACM conference on Computer and communications security
Automatically deriving information-theoretic bounds for adaptive side-channel attacks
Journal of Computer Security
Caisson: a hardware description language for secure information flow
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Differential privacy under fire
SEC'11 Proceedings of the 20th USENIX conference on Security
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Predictive mitigation of timing channels in interactive systems
Proceedings of the 18th ACM conference on Computer and communications security
Timed abstract non-interference
FORMATS'05 Proceedings of the Third international conference on Formal Modeling and Analysis of Timed Systems
Specification and verification of side channel declassification
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Non-termination and secure information flow
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
Unwinding conditions for security in imperative languages
LOPSTR'04 Proceedings of the 14th international conference on Logic Based Program Synthesis and Transformation
Security-typed languages for implementation of cryptographic protocols: a case study
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Timing-sensitive information flow analysis for synchronous systems
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
The complexity of synchronous notions of information flow security
FOSSACS'10 Proceedings of the 13th international conference on Foundations of Software Science and Computational Structures
Eliminating implicit information leaks by transformational typing and unification
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
A typed assembly language for confidentiality
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Language-based control and mitigation of timing channels
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Towards incrementalization of holistic hyperproperties
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Automatic quantification of cache side-channels
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Addressing covert termination and timing channels in concurrent information flow systems
Proceedings of the 17th ACM SIGPLAN international conference on Functional programming
Security of multithreaded programs by compilation
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Information flow in systems with schedulers, Part I: Definitions
Theoretical Computer Science
Proving concurrent noninterference
CPP'12 Proceedings of the Second international conference on Certified Programs and Proofs
Formal verification of side-channel countermeasures using self-composition
Science of Computer Programming
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
PHANTOM: practical oblivious computation in a secure processor
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
One aspect of security in mobile code is privacy: private (or secret) data should not be leaked to unauthorised agents. Most of the work on secure information flow has until recently only been concerned with detecting direct and indirect flows. Secret information can however be leaked to the attacker also through covert channels. It is very reasonable to assume that the attacker, even as an external observer, can monitor the timing (including termination) behaviour of the program. Thus to claim a program secure, the security analysis must take also these into account.In this work we present a surprisingly simple solution to the problem of detecting timing leakages to external observers. Our system consists of a type system in which well-typed programs do not leak secret information directly, indirectly or through timing, and a transformation for removing timing leakages. For any program that is well typed according to Volpano and Smith [VS97a], our transformation generates a program that is also free of timing leaks.