Stronger protection is needed for the confidentiality and integrity of data, because programs containing untrusted code are the rule rather than the exception. Information flow control allows the enforcement of end-to-end security policies, but has been difficult to put into practice. This article describes the decentralized label model, a new label model for control of information flow in systems with mutual distrust and decentralized authority. The model improves on existing multilevel security models by allowing users to declassify information in a decentralized way, and by improving support for fine-grained data sharing. It supports static program analysis of information flow, so that programs can be certified to permit only acceptable information flows, while largely avoiding the overhead of run-time checking. The article introduces the language Jif, an extension to Java that provides static checking of information flow using the decentralized label model.