Implementing fault-tolerant services using the state machine approach: a tutorial
ACM Computing Surveys (CSUR)
Multilevel security in the UNIX tradition
Software—Practice & Experience
Efficient software-based fault isolation
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Practical Byzantine fault tolerance
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Information flow inference for free
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
ACM Transactions on Information and System Security (TISSEC)
Probabilistic noninterference in a concurrent language
Journal of Computer Security
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
Security Kernel validation in practice
Communications of the ACM
SAFKASI: a security mechanism for language-based systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
A uniform type structure for secure information flow
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Transactions on Computer Systems (TOCS)
Secure Information Flow and CPS
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
SAS '95 Proceedings of the Second International Symposium on Static Analysis
Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems
IHW '01 Proceedings of the 4th International Workshop on Information Hiding
Noninterference for Concurrent Programs
ICALP '01 Proceedings of the 28th International Colloquium on Automata, Languages and Programming,
Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Simple View of Type-Secure Information Flow in the "-Calculus
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Secure and Scalable Replication in Phalanx
SRDS '98 Proceedings of the The 17th IEEE Symposium on Reliable Distributed Systems
A Generic Approach to the Security of Multi-Threaded Programs
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
NON-DISCRETIONARY ACCESS CONTROL FOR DECENTRALIZED COMPUTING SYSTEMS
NON-DISCRETIONARY ACCESS CONTROL FOR DECENTRALIZED COMPUTING SYSTEMS
Self-securing storage: protecting data in compromised system
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
SSH: secure login connections over the internet
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Advanced control flow in Java card programming
Proceedings of the 2004 ACM SIGPLAN/SIGBED conference on Languages, compilers, and tools for embedded systems
Verifying policy-based security for web services
Proceedings of the 11th ACM conference on Computer and communications security
From sequential programs to multi-tier applications by program transformation
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing robust declassification and qualified robustness
Journal of Computer Security - Special issue on CSFW17
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Performance aware secure code partitioning
Proceedings of the conference on Design, automation and test in Europe
Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Securing software by enforcing data-flow integrity
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
From trusted to secure: building and executing applications that enforce system security
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Securing nonintrusive web encryption through information flow
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Verifying policy-based web services security
ACM Transactions on Programming Languages and Systems (TOPLAS)
A secure compiler for session abstractions
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
Building secure web applications with automatic partitioning
Communications of the ACM - Inspiring Women in Computing
Fabric: a platform for secure distributed computation and storage
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Ripley: automatically securing web 2.0 applications through replicated execution
Proceedings of the 16th ACM conference on Computer and communications security
Proceedings of the 16th ACM conference on Computer and communications security
Closing internal timing channels by transformation
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
A formal implementation of value commitment
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Compiling information-flow security to minimal trusted computing bases
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Security-typed languages for implementation of cryptographic protocols: a case study
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Type-Based distributed access control vs. untyped attackers
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
Securing the future: an information flow analysis of a distributed OO language
SOFSEM'12 Proceedings of the 38th international conference on Current Trends in Theory and Practice of Computer Science
Automatic partitioning of database applications
Proceedings of the VLDB Endowment
Enforcing user-space privilege separation with declarative architectures
Proceedings of the seventh ACM workshop on Scalable trusted computing
Hails: protecting data privacy in untrusted web applications
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Dynamic information flow control architecture for web applications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Efficient user-space information flow control
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
| Hi-index | 0.00 |
A challenging unsolved security problem is how to specifyand enforce system-wide security policies; this problemis even more acute in distributed systems with mutual distrust.This paper describes a way to enforce policies fordata confidentiality and integrity in such an environment.Programs annotated with security specifications are staticallychecked and then transformed by the compiler to runsecurely on a distributed system with untrusted hosts. Thecode and data of the computation are partitioned acrossthe available hosts in accordance with the security specification.The key contribution is automatic replication ofcode and data to increase assurance of integrity-withoutharming confidentiality, and without placing undue trustin any host. The compiler automatically generates securerun-time protocols for communication among the replicatedcode partitions. Results are given from a prototype implementationapplied to various distributed programs.