The generation of random numbers that are probably prime
Journal of Cryptology
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A probabilistic poly-time framework for protocol analysis
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Probabilistic noninterference in a concurrent language
Journal of Computer Security
A sound type system for secure flow analysis
Journal of Computer Security
Provable security for cryptographic protocols—exact analysis and engineering applications
Journal of Computer Security
Introduction to the Theory of Computation
Introduction to the Theory of Computation
Practice-Oriented Provable-Security
ISW '97 Proceedings of the First International Workshop on Information Security
Eliminating Covert Flows with Minimum Typings
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Basic research in information privacy
ACM SIGSOFT Software Engineering Notes
Untrusted hosts and confidentiality: secure program partitioning
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
ACM Transactions on Computer Systems (TOCS)
Semantics and Program Analysis of Computationally Secure Information Flow
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Analysing Approximate Confinement under Uniform Attacks
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
TCS '00 Proceedings of the International Conference IFIP on Theoretical Computer Science, Exploring New Frontiers of Theoretical Informatics
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Abstract non-interference: parameterizing non-interference by abstract interpretation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 2003 workshop on New security paradigms
A process-algebraic approach for the analysis of probabilistic noninterference
Journal of Computer Security
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing robust declassification and qualified robustness
Journal of Computer Security - Special issue on CSFW17
A static analysis for quantifying information flow in a simple imperative language
Journal of Computer Security
Compositional information flow security for concurrent programs
Journal of Computer Security
Secure information flow for a concurrent language with scheduling
Journal of Computer Security - Formal Methods in Security Engineering Workshop (FMSE 04)
Cryptographically-masked flows
Theoretical Computer Science
Quantifying information leakage in process calculi
Information and Computation
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Declassification: Dimensions and principles
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Quantifying information flow with beliefs
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
On declassification and the non-disclosure policy
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Handling encryption in an analysis for secure information flow
ESOP'03 Proceedings of the 12th European conference on Programming
An empirical study of privacy-violating information flows in JavaScript web applications
Proceedings of the 17th ACM conference on Computer and communications security
Cryptographically-Masked flows
SAS'06 Proceedings of the 13th international conference on Static Analysis
Quantifying information leakage in process calculi
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
A type system for computationally secure information flow
FCT'05 Proceedings of the 15th international conference on Fundamentals of Computation Theory
Hi-index | 0.00 |
Systems that authenticate a user based on a shared secret (such as a password or PIN) normally allow anyone to query whether the secret is a given value. For example, an ATM machine allows one to ask whether a string is the secret PIN of a (lost or stolen) ATM card. Yet such queries are prohibited in any model whose programs satisfy an information-flow property like Noninterference. But there is complexity-based justification for allowing these queries. A type system is given that provides the access control needed to prove that no well-typed program can leak secrets in polynomial time, or even leak them with nonnegligible probability if secrets are of sufficient length and randomly chosen. However, there are well-typed deterministic programs in a synchronous concurrent model capable of leaking secrets in linear time.