Islands: aliasing protection in object-oriented languages
OOPSLA '91 Conference proceedings on Object-oriented programming systems, languages, and applications
Foundations of programming languages
Foundations of programming languages
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The Java programming language (2nd ed.)
The Java programming language (2nd ed.)
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Inside Java 2 platform security architecture, API design, and implementation
Inside Java 2 platform security architecture, API design, and implementation
From system F to typed assembly language
ACM Transactions on Programming Languages and Systems (TOPLAS)
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
Static enforcement of security with types
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Information flow inference for free
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
SAFKASI: a security mechanism for language-based systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Software—Practice & Experience - Special issue on aliasing in object-oriented systems
Representation independence, confinement and access control [extended abstract]
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Stack inspection: theory and variants
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Java Card Technology for Smart Cards: Architecture and Programmer's Guide
Java Card Technology for Smart Cards: Architecture and Programmer's Guide
Compiling for the .Net Common Language Runtime
Compiling for the .Net Common Language Runtime
Data abstraction and information hiding
ACM Transactions on Programming Languages and Systems (TOPLAS)
Information flow vs. resource access in the asynchronous pi-calculus
ACM Transactions on Programming Languages and Systems (TOPLAS)
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation
Capabilities for Sharing: A Generalisation of Uniqueness and Read-Only
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
Simple Ownership Types for Object Containment
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
Partial Evaluation and Non-inference for Object Calculi
FLOPS '99 Proceedings of the 4th Fuji International Symposium on Functional and Logic Programming
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
PVS: A Prototype Verification System
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
Probabilistic Noninterference for Multi-Threaded Programs
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Secure Information Flow and Pointer Confinement in a Java-like Language
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Generic Approach to the Security of Multi-Threaded Programs
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A New Type System for Secure Information Flow
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
Providing flexibility in information flow control for object oriented systems
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Journal of Functional Programming
Enforcing Robust Declassification
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Formally verifying information flow type systems for concurrent and thread systems
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Non-interference for a JVM-like language
TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
Statically checking confidentiality via dynamic labels
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
A logic for information flow in object-oriented programs
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Data-centric security: role analysis and role typestates
Proceedings of the eleventh ACM symposium on Access control models and technologies
Trusted declassification:: high-level policy for a security-typed language
Proceedings of the 2006 workshop on Programming languages and analysis for security
Science of Computer Programming
Towards imperative modules: reasoning about invariants and sharing of mutable state
Theoretical Computer Science - Components and objects
Observational purity and encapsulation
Theoretical Computer Science
Towards a logical account of declassification
Proceedings of the 2007 workshop on Programming languages and analysis for security
Reasoning about safety properties in a JVM-like environment
Science of Computer Programming
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Type-based information flow analysis for bytecode languages with variable object field policies
Proceedings of the 2008 ACM symposium on Applied computing
Secure information flow for a concurrent language with scheduling
Journal of Computer Security - Formal Methods in Security Engineering Workshop (FMSE 04)
Modular Reasoning in Object-Oriented Programming
Verified Software: Theories, Tools, Experiments
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
Secure Information Flow as a Safety Property
Formal Aspects in Security and Trust
Declassification: Dimensions and principles
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Preventing Timing Leaks Through Transactional Branching Instructions
Electronic Notes in Theoretical Computer Science (ENTCS)
A certified lightweight non-interference java bytecode verifier
ESOP'07 Proceedings of the 16th European conference on Programming
MOBIUS: mobility, ubiquity, security objectives and progress report
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
Automata-based confidentiality monitoring
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Security of multithreaded programs by compilation
ACM Transactions on Information and System Security (TISSEC)
Restricted delegation and revocation in language-based security: (position paper)
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Deductive verification of cryptographic software
Innovations in Systems and Software Engineering
Automatic generation of history-based access control from information flow specification
ATVA'10 Proceedings of the 8th international conference on Automated technology for verification and analysis
Unifying facets of information integrity
ICISS'10 Proceedings of the 6th international conference on Information systems security
Formally verifying isolation and availability in an idealized model of virtualization
FM'11 Proceedings of the 17th international conference on Formal methods
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
Flexible dynamic information flow control in Haskell
Proceedings of the 4th ACM symposium on Haskell
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Allowing state changes in specifications
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Noninterference with dynamic security domains and policies
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
History-based access control and secure information flow
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Information flow analysis for java bytecode
VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Formal methods for smartcard security
Foundations of Security Analysis and Design III
Java JR: fully abstract trace semantics for a core java language
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Verifying a secure information flow analyzer
TPHOLs'05 Proceedings of the 18th international conference on Theorem Proving in Higher Order Logics
From coupling relations to mated invariants for checking information flow
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Flow locks: towards a core calculus for dynamic flow policies
ESOP'06 Proceedings of the 15th European conference on Programming Languages and Systems
Static enforcement of information flow policies for a concurrent JVM-like language
TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
Noninterference via symbolic execution
FMOODS'12/FORTE'12 Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems
Security completeness: towards noninterference in composed languages
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Formal verification of side-channel countermeasures using self-composition
Science of Computer Programming
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Encoding secure information flow with restricted delegation and revocation in Haskell
Proceedings of the 1st annual workshop on Functional programming concepts in domain-specific languages
Noninterference in a predicative polymorphic calculus for access control
Computer Languages, Systems and Structures
A verified information-flow architecture
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Hi-index | 0.00 |
Access control mechanisms are often used with the intent of enforcing confidentiality and integrity policies, but few rigorous connections have been made between information flow and runtime access control. The Java virtual machine and the .NET runtime system provide a dynamic access control mechanism in which permissions are granted to program units and a runtime mechanism checks permissions of code in the calling chain. We investigate a design pattern by which this mechanism can be used to achieve confidentiality and integrity goals: a single interface serves callers of more than one security level and dynamic access control prevents release of high information to low callers. Programs fitting this pattern would be rejected by previous flow analyses. We give a static analysis that admits them, using permission-dependent security types. The analysis is given for a class-based object-oriented language with features including inheritance, dynamic binding, dynamically allocated mutable objects, type casts and recursive types. The analysis is shown to ensure a noninterference property formalizing confidentiality and integrity.