PLDI '91 Proceedings of the ACM SIGPLAN 1991 conference on Programming language design and implementation
Handbook of theoretical computer science (vol. B)
Automatic monitoring of software requirements
ICSE '97 Proceedings of the 19th international conference on Software engineering
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Security properties of typed applets
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for expressive security policies
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
SAS '95 Proceedings of the Second International Symposium on Static Analysis
Enforceable Security Policies
A new approach to mobile code security
A new approach to mobile code security
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
A domain-specific language for regular sets of strings and trees
DSL'97 Proceedings of the Conference on Domain-Specific Languages on Conference on Domain-Specific Languages (DSL), 1997
Secure calling contexts for stack inspection
Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming
Enforcing Safety Properties Using Type Specialization
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
A Formal Definition of Crosscuts
REFLECTION '01 Proceedings of the Third International Conference on Metalevel Architectures and Separation of Crosscutting Concerns
Program specialization for execution monitoring
Journal of Functional Programming
Composition, reuse and interaction analysis of stateful aspects
Proceedings of the 3rd international conference on Aspect-oriented software development
A type system for resource protocol verification and its correctness proof
Proceedings of the 2004 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Implementing protocols via declarative event patterns
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
A Taxonomy and Catalog of Runtime Software-Fault Monitoring Tools
IEEE Transactions on Software Engineering
Policy framings for access control
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Interfaces for stack inspection
Journal of Functional Programming
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Trace effects and object orientation
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
PolyAML: a polymorphic aspect-oriented functional programming language
Proceedings of the tenth ACM SIGPLAN international conference on Functional programming
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Adaptiveness in well-typed Java bytecode verification
CASCON '06 Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative research
Aspect-oriented programming for reactive systems: Larissa, a proposal in the synchronous framework
Science of Computer Programming - Special issue: Foundations of aspect-oriented programming
Requirement enforcement by transformation automata
Proceedings of the 6th workshop on Foundations of aspect-oriented languages
Language-Based Program Verification via Expressive Types
Electronic Notes in Theoretical Computer Science (ENTCS)
Enforcing resource bounds via static verification of dynamic checks
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special Issue ESOP'05
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Types and trace effects of higher order programs
Journal of Functional Programming
AspectML: A polymorphic aspect-oriented functional programming language
ACM Transactions on Programming Languages and Systems (TOPLAS)
Types and trace effects for object orientation
Higher-Order and Symbolic Computation
From Formal Access Control Policies to Runtime Enforcement Aspects
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Efficient IRM enforcement of history-based access control policies
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Trustworthy Global Computing
Local policies for resource usage analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Planning and verifying service composition
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Generating In-Line Monitors for Rabin Automata
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
A Type and Effect System for Flexible Abstract Interpretation of Java
Electronic Notes in Theoretical Computer Science (ENTCS)
International Journal of Information and Computer Security
Disambiguating aspect-oriented security policies
Proceedings of the 9th International Conference on Aspect-Oriented Software Development
Types and Effects for resource usage analysis
FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
SAS'03 Proceedings of the 10th international conference on Static analysis
Computer security from a programming language and static analysis perspective
ESOP'03 Proceedings of the 12th European conference on Programming
Using controller-synthesis techniques to build property-enforcing layers
ESOP'03 Proceedings of the 12th European conference on Programming
Science of Computer Programming
JACK: a tool for validation of security and behaviour of Java applications
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
Foundations of security analysis and design IV
Checking risky events is enough for local policies
ICTCS'05 Proceedings of the 9th Italian conference on Theoretical Computer Science
Science of Computer Programming
Enforcing resource bounds via static verification of dynamic checks
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Optimized inlining of runtime monitors
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Verifiable control flow policies for java bytecode
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
| Hi-index | 0.00 |
We propose an automatic method to enforce trace properties on programs. The programmer specifies the property separately from the program; a program transformer takes the program and the property and automatically produces another “equivalent” pogram satisfying the property. This separation of concerns makes the program easier to develop and maintain. Our approach is both static and dynamic. It integrates static analyses in order to avoid useless transformations. On the other hand, it never rejects programs but adds dynamic checks when necessary. An important challenge is to make this dynamic enforcement as inexpensive as possible. The most obvious application domain is the enforcement of security policies. In particular, a potential use of the method is the securization of mobile code upon receipt.