Type-based information flow analysis for bytecode languages with variable object field policies
Proceedings of the 2008 ACM symposium on Applied computing
A compiler-based infrastructure for software-protection
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Certificate translation for optimizing compilers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Catch me if you can: permissive yet secure error handling
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
A certified lightweight non-interference java bytecode verifier
ESOP'07 Proceedings of the 16th European conference on Programming
MOBIUS: mobility, ubiquity, security objectives and progress report
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
More typed assembly languages for confidentiality
APLAS'07 Proceedings of the 5th Asian conference on Programming languages and systems
Security of multithreaded programs by compilation
ACM Transactions on Information and System Security (TISSEC)
Provably correct runtime enforcement of non-interference properties
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Allowing state changes in specifications
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Noninterference with dynamic security domains and policies
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Securing the future: an information flow analysis of a distributed OO language
SOFSEM'12 Proceedings of the 38th international conference on Current Trends in Theory and Practice of Computer Science
Static enforcement of information flow policies for a concurrent JVM-like language
TGC'11 Proceedings of the 6th international conference on Trustworthy Global Computing
Security of multithreaded programs by compilation
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Dynamic information flow control architecture for web applications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Hi-index | 0.00 |
Language-based security provides a means to enforce endto- end confidentiality and integrity policies inmobile code scenarios, and is increasingly being contemplated by the smartcard and mobile phone industry as a solution to enforce information flow and resource control policies. Two threads of work have emerged in research on languagebased security: work that focuses on enforcing security policies for source code, which is tailored towards developers that want to increase confidence in their applications, and work that focuses on efficiently verifying similar policies for bytecode, which is tailored to code consumers that want to protect themselves against hostile applications. These lines of work serve different purposes - and thus have been developed independently but connecting them is a key step towards the deployment of language-based security in practical applications. This paper introduces a systematic technique to connect source code and bytecode security type systems. The technique is applied to an information flow type system for a fragment of Java with exceptions, thus confronting challenges in both control and data flow tracking.