Inductive definitions, semantics and abstract interpretations
POPL '92 Proceedings of the 19th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Letters on Programming Languages and Systems (LOPLAS)
Data flow analysis is model checking of abstract interpretations
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for Java bytecode subroutines
ACM Transactions on Programming Languages and Systems (TOPLAS)
From system F to typed assembly language
ACM Transactions on Programming Languages and Systems (TOPLAS)
A semantic model of types and machine instructions for proof-carrying code
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A semantic approach to secure information flow
Science of Computer Programming - Special issue on mathematics of program construction
Safety checking of machine code
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Information flow inference for free
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
A sound type system for secure flow analysis
Journal of Computer Security
An Axiomatic Approach to Information Flow in Programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Abstract interpretation of operational semantics for secure information flow
Information Processing Letters
Compile-Time Detection of Information Flow in Sequential Programs
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Eliminating Covert Flows with Minimum Typings
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
VMCAI '02 Revised Papers from the Third International Workshop on Verification, Model Checking, and Abstract Interpretation
Java bytecode verification for secure information flow
ACM SIGPLAN Notices
Java bytecode verification on Java cards
Proceedings of the 2004 ACM symposium on Applied computing
Software—Practice & Experience
Efficient type inference for secure information flow
Proceedings of the 2006 workshop on Programming languages and analysis for security
Instruction-level security analysis for information flow in stack-based assembly languages
Information and Computation
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
Calculating graph algorithms for dominance and shortest path
MPC'12 Proceedings of the 11th international conference on Mathematics of Program Construction
Relational abstract interpretation for the verification of 2-hypersafety properties
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.02 |
We present a method to certify a subset of the Java bytecode, with respect to security. The method is based on abstract interpretation of the operational semantics of the language. We define a concrete small-step enhanced semantics of the language, able to keep information on the flow of data and control during execution. A main point of this semantics is the handling of the influence of the information flow on the operand stack. We then define an abstract semantics, keeping only the security information and forgetting the actual values. This semantics can be used as a static analysis tool to check security of programs. The use of abstract interpretation allows, on one side, being semantics based, to accept as secure a wide class of programs, and, on the other side, being rule based, to be fully automated.