Abstract: Security properties based on information flow, such as noninterference, provide strong guarantees that confidentiality is maintained. However, programs often need to leak some amount of confidential information in order to serve their intended purpose, and thus violate noninterference. Real systems that control information flow often include mechanisms for downgrading or declassifying information; however, declassification can easily result in the unexpected release of confidential information. This paper introduces a formal model of information flow in systems that include intentional information leaks and shows how to characterize what information leaks. Further, we define a notion of robustness for systems that include information leaks introduced by declassification. Robust systems have the property that an attacker is unable to exploit declassification channels to obtain more confidential information than was intended to be released. We show that all systems satisfying a noninterference-like property are robust; for other systems, robustness involves a nontrivial interaction between confidentiality and integrity properties. We expect this model to provide new tools for the characterization of information flow properties in the presence of intentional information leaks.