Stack inspection: theory and variants
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure calling contexts for stack inspection
Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Stack inspection: Theory and variants
ACM Transactions on Programming Languages and Systems (TOPLAS)
Class analyses as abstract interpretations of trace semantics
ACM Transactions on Programming Languages and Systems (TOPLAS)
Model checking LTL with regular valuations for pushdown systems
Information and Computation - TACS 2001
Model-Based Evaluation: From Dependability to Security
IEEE Transactions on Dependable and Secure Computing
Policy framings for access control
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Interfaces for stack inspection
Journal of Functional Programming
A systematic approach to static access control
ACM Transactions on Programming Languages and Systems (TOPLAS)
Trace effects and object orientation
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Static check analysis for Java stack inspection
ACM SIGPLAN Notices
Extracting a data flow analyser in constructive logic
Theoretical Computer Science - Applied semantics: Selected topics
Types and trace effects of higher order programs
Journal of Functional Programming
Compositional verification of sequential programs with procedures
Information and Computation
Types and trace effects for object orientation
Higher-Order and Symbolic Computation
Program Models for Compositional Verification
ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
Efficient IRM enforcement of history-based access control policies
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Local policies for resource usage analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Framework for the Analysis of Access Control Models for Interactive Mobile Devices
Types for Proofs and Programs
A Type and Effect System for Flexible Abstract Interpretation of Java
Electronic Notes in Theoretical Computer Science (ENTCS)
Program Transformations under Dynamic Security Policies
Electronic Notes in Theoretical Computer Science (ENTCS)
Visualization of permission checks in java using static analysis
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
IT security analysis best practices and formal approaches
Foundations of security analysis and design IV
Secure Service Composition with Symbolic Effects
SEEFM '09 Proceedings of the 2009 Fourth South-East European Workshop on Formal Methods
Verifying resource access control on mobile interactive devices
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Modular plans for secure service composition
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Secure service orchestration in open networks
Journal of Systems Architecture: the EUROMICRO Journal
Addressing software application security issues
ICCOMP'06 Proceedings of the 10th WSEAS international conference on Computers
Formal methods for smartcard security
Foundations of Security Analysis and Design III
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Verifying probabilistic procedural programs
FSTTCS'04 Proceedings of the 24th international conference on Foundations of Software Technology and Theoretical Computer Science
A formal model of access control for mobile interactive devices
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Automated discovery of mimicry attacks
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Compositional algorithmic verification of software product lines
FMCO'10 Proceedings of the 9th international conference on Formal Methods for Components and Objects
SAS'07 Proceedings of the 14th international conference on Static Analysis
Sound control-flow graph extraction for java programs with exceptions
SEFM'12 Proceedings of the 10th international conference on Software Engineering and Formal Methods
Modular plans for secure service composition
Journal of Computer Security - ARSPA-WITS'10
| Hi-index | 0.00 |
A fundamental problem in software-based security is whether localsecurity checks inserted into the code are sufficient to implementa global security property. This article introduces a formalismbased on a linear-time temporal logic for specifying globalsecurity properties pertaining to the control flow of the program,and illustrates its expressive power with a number of existingproperties. We define a minimalistic, security-dedicated programmodel that only contains procedure call and run-time securitychecks and propose an automatic method for verifying that animplementation using local security checks satisfies a globalsecurity property. We then show how to instantiate the framework tothe security architecture of Java 2 based on stack inspection andprivileged method calls.