ACM Letters on Programming Languages and Systems (LOPLAS)
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Addendum to the 1998 proceedings of the conference on Object-oriented programming, systems, languages, and applications (Addendum)
A semantic approach to secure information flow
Science of Computer Programming - Special issue on mathematics of program construction
A sound type system for secure flow analysis
Journal of Computer Security
An Axiomatic Approach to Information Flow in Programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Representation independence, confinement and access control [extended abstract]
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Checking security of Java bytecode by abstract interpretation
Proceedings of the 2002 ACM symposium on Applied computing
Java Virtual Machine Specification
Java Virtual Machine Specification
Abstract interpretation of operational semantics for secure information flow
Information Processing Letters
Secure Information Flow via Linear Continuations
Higher-Order and Symbolic Computation
Using Standard Verifier to Check Secure Information Flow in Java Bytecode
COMPSAC '02 Proceedings of the 26th International Computer Software and Applications Conference on Prolonging Software Life: Development and Redevelopment
VMCAI '02 Revised Papers from the Third International Workshop on Verification, Model Checking, and Abstract Interpretation
Compile-Time Detection of Information Flow in Sequential Programs
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Byte Code Verification for Java Smart Card Based on Model Checking
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Checking Secure Interactions of Smart Card Applets
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Instruction-level security analysis for information flow in stack-based assembly languages
Information and Computation
Embedding verifiable information flow analysis
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Extracting control from data: user interfaces of MIDP applications
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Information flow analysis for javascript
Proceedings of the 1st ACM SIGPLAN international workshop on Programming language and systems technologies for internet clients
Hi-index | 0.00 |
A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error detected by the Verifier on the transformed code corresponds to a possible illicit information flow in the original code. We present a prototype tool that implements the method and we show an example of application.