Analysis of pointers and structures
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Certification of programs for secure information flow
Communications of the ACM
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Principles of Program Analysis
Principles of Program Analysis
Information flow inference for ML
ACM Transactions on Programming Languages and Systems (TOPLAS)
On the Frame Problem in Procedure Specifications
IEEE Transactions on Software Engineering
Separation Logic: A Logic for Shared Mutable Data Structures
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Stack-based access control and secure information flow
Journal of Functional Programming
On flow-sensitive security types
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Security-typed languages for implementation of cryptographic protocols: a case study
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Decidability and proof systems for language-based noninterference relations
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Science of Computer Programming
A domain-specific programming language for secure multiparty computation
Proceedings of the 2007 workshop on Programming languages and analysis for security
Towards a logical account of declassification
Proceedings of the 2007 workshop on Programming languages and analysis for security
Instruction-level security analysis for information flow in stack-based assembly languages
Information and Computation
Verification condition generation for conditional information flow
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Optimality and condensing of information flow through linear refinement
Theoretical Computer Science
Data dependencies and program slicing: from syntax to abstract semantics
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Modular Reasoning in Object-Oriented Programming
Verified Software: Theories, Tools, Experiments
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
Abstract Interpretation Plugins for Type Systems
AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
Regional Logic for Local Reasoning about Global Invariants
ECOOP '08 Proceedings of the 22nd European conference on Object-Oriented Programming
Boogie Meets Regions: A Verification Experience Report
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Securing information flow via dynamic capture of dependencies
Journal of Computer Security - 20th IEEE Computer Security Foundations Symposium (CSF)
Formal certification of code-based cryptographic proofs
Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ICFEM '08 Proceedings of the 10th International Conference on Formal Methods and Software Engineering
Information Sciences: an International Journal
Hoare type theory, polymorphism and separation1
Journal of Functional Programming
The Non-Interference Protection in BML
Electronic Notes in Theoretical Computer Science (ENTCS)
Abstract certification of global non-interference in rewriting logic
FMCO'09 Proceedings of the 8th international conference on Formal methods for components and objects
Unifying facets of information integrity
ICISS'10 Proceedings of the 6th international conference on Information systems security
From exponential to polynomial-time security typing via principal types
ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
A machine-checked framework for relational separation logic
SEFM'11 Proceedings of the 9th international conference on Software engineering and formal methods
Allowing state changes in specifications
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
A sound analysis for secure information flow using abstract memory graphs
FSEN'09 Proceedings of the Third IPM international conference on Fundamentals of Software Engineering
Semantics and enforcement of expressive information flow policies
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Secure information flow by self-composition
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
Modelling declassification policies using abstract domain completeness
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
From coupling relations to mated invariants for checking information flow
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Experiences with PDG-Based IFC
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
A local shape analysis based on separation logic
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
JCSI: A tool for checking secure information flow in Java Card applications
Journal of Systems and Software
Local Reasoning for Global Invariants, Part II: Dynamic Boundaries
Journal of the ACM (JACM)
Local Reasoning for Global Invariants, Part I: Region Logic
Journal of the ACM (JACM)
Dependent Type Theory for Verification of Information Flow and Access Control Policies
ACM Transactions on Programming Languages and Systems (TOPLAS)
Probabilistic Relational Reasoning for Differential Privacy
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming
| Hi-index | 0.00 |
This paper specifies, via a Hoare-like logic, an interprocedural and flow sensitive (but termination insensitive) information flow analysis for object-oriented programs. Pointer aliasing is ubiquitous in such programs, and can potentially leak confidential information. Thus the logic employs independence assertions to describe the noninterference property that formalizes confidentiality, and employs region assertions to describe possible aliasing. Programmer assertions, in the style of JML, are also allowed, thereby permitting a more fine-grained specification of information flow policy.The logic supports local reasoning about state in the style of separation logic. Small specifications are used; they mention only the variables and addresses relevant to a command. Specifications are combined using a frame rule. An algorithm for the computation of postconditions is described: under certain assumptions, there exists a strongest postcondition which the algorithm computes.