The essence of compiling with continuations
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Type inference for records in natural extension of ML
Theoretical aspects of object-oriented programming
A syntactic approach to type soundness
Information and Computation
Simple imperative polymorphism
Lisp and Symbolic Computation - Special issue on state in programming languages (part I)
Analysis and caching of dependencies
Proceedings of the first ACM SIGPLAN international conference on Functional programming
Minimal typings in atomic subtyping
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Type inference with constrained types
Theory and Practice of Object Systems - Special issue on foundations of object-oriented languages
Type-based analysis of uncaught exceptions
ACM Transactions on Programming Languages and Systems (TOPLAS)
Information flow inference for free
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
A sound type system for secure flow analysis
Journal of Computer Security
Cryptography and data security
Cryptography and data security
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Mostly-static decentralized information flow control
Mostly-static decentralized information flow control
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
Fine-Grained Information Flow Analysis for a \lambda Calculus with Sum Types
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Simple View of Type-Secure Information Flow in the "-Calculus
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Using Replication and Partitioning to Build Secure Distributed Systems
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Java Bytecode Verification: Algorithms and Formalizations
Journal of Automated Reasoning
Logical relation for encryption
Journal of Computer Security - Special issue on CSFW14
Translating dependency into parametricity
Proceedings of the ninth ACM SIGPLAN international conference on Functional programming
Formally verifying information flow type systems for concurrent and thread systems
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Stack-based access control and secure information flow
Journal of Functional Programming
Noninterference through flow analysis
Journal of Functional Programming
Software—Practice & Experience
Proceedings of the 2006 workshop on Programming languages and analysis for security
Trusted declassification:: high-level policy for a security-typed language
Proceedings of the 2006 workshop on Programming languages and analysis for security
Refactoring programs to secure information flows
Proceedings of the 2006 workshop on Programming languages and analysis for security
Efficient type inference for secure information flow
Proceedings of the 2006 workshop on Programming languages and analysis for security
Enforcing robust declassification and qualified robustness
Journal of Computer Security - Special issue on CSFW17
Jifclipse: development tools for security-typed languages
Proceedings of the 2007 workshop on Programming languages and analysis for security
Improving usability of information flow security in java
Proceedings of the 2007 workshop on Programming languages and analysis for security
A domain-specific programming language for secure multiparty computation
Proceedings of the 2007 workshop on Programming languages and analysis for security
Dytan: a generic dynamic taint analysis framework
Proceedings of the 2007 international symposium on Software testing and analysis
Run-time principals in information-flow type systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
From trusted to secure: building and executing applications that enforce system security
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Securing nonintrusive web encryption through information flow
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
A library for light-weight information-flow security in haskell
Proceedings of the first ACM SIGPLAN symposium on Haskell
Effective blame for information-flow violations
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Securing information flow via dynamic capture of dependencies
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Implicit Flows: Can't Live with `Em, Can't Live without `Em
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Verifying compliance of trusted programs
SS'08 Proceedings of the 17th conference on Security symposium
Staged information flow for javascript
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Catch me if you can: permissive yet secure error handling
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Achieving information flow security through monadic control of effects
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Timing Aware Information Flow Security for a JavaCard-like Bytecode
Electronic Notes in Theoretical Computer Science (ENTCS)
Arrows for secure information flow
Theoretical Computer Science
Computer security from a programming language and static analysis perspective
ESOP'03 Proceedings of the 12th European conference on Programming
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Tracking information flow in dynamic tree structures
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
An empirical study of privacy-violating information flows in JavaScript web applications
Proceedings of the 17th ACM conference on Computer and communications security
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
A theory of noninterference for the π-calculus
TGC'05 Proceedings of the 1st international conference on Trustworthy global computing
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
Provably correct runtime enforcement of non-interference properties
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Efficient incremental information flow control with nested control regions
Proceedings of the 1st ACM SIGPLAN international workshop on Programming language and systems technologies for internet clients
A design for a security-typed language with certificate-based declassification
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
A theorem proving approach to analysis of secure information flow
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Automating security mediation placement
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
Secure multi-execution in haskell
PSI'11 Proceedings of the 8th international conference on Perspectives of System Informatics
Noninterference via symbolic execution
FMOODS'12/FORTE'12 Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
ML dependency analysis for assessors
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Security completeness: towards noninterference in composed languages
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Noninterference in a predicative polymorphic calculus for access control
Computer Languages, Systems and Structures
Journal of Computer Security - CSF 2010
Hi-index | 0.01 |
This paper presents a type-based information flow analysis for a call-by-value λ-calculus equipped with references, exceptions and let-polymorphism, which we refer to as Core ML. The type system is constraint-based and has decidable type inference. Its non-interference proof is reasonably lightweight, thanks to the use of a number of orthogonal techniques. First, a syntactic segregation between values and expressions allows a lighter formulation of the type system. Second, non-interference is reduced to subject reduction for a non-standard language extension. Lastly, a semi-syntactic approach to type soundness allows dealing with constraint-based polymorphism separately.