Adding a sound information flow security policy to an existing program is a difficult task that requires major analysis of, and changes to, the program. In this paper we show that refactoring programs into distinct components of high and low security is a useful methodology for producing programs with sound information flow policies. The methodology proceeds as follows. Given a program with no information flow controls, a program slicer is used to identify the code that depends on high security inputs. The high security code so identified is then refactored into a separate component, which the low security component may access only through public method calls. A security policy that labels input data and checks the output points can then enforce the desired end-to-end security property. Controlled information releases can occur at explicit declassification points where such a release is deemed safe. The result is a well-engineered program with explicit interfaces between components of different security levels.
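The following is an added illustration of the four steps above, not code from the paper (whose setting is Java-like rather than Python). Part 1 is a toy flow-insensitive slicer over a constructed program given as def/use sets; part 2 is the refactored shape: a high component reachable only through public methods, labelled values, an output-point check, and one explicit declassification point. The names HighComponent, declassify, emit and the toy program are the example's own assumptions.

```python
# Added example, not the paper's tool: toy slicer + refactored high/low shape.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple

HIGH, LOW = "high", "low"


@dataclass(frozen=True)
class Stmt:
    idx: int
    text: str
    defs: FrozenSet[str]            # variables written
    uses: FrozenSet[str]            # variables read
    ctrl: Optional[int] = None      # index of the branch this stmt is nested under


def high_slice(stmts: List[Stmt], high_inputs: Set[str]) -> Set[int]:
    """Indices of statements that transitively depend on a high input, via
    data dependence (reading a high variable) or control dependence (being
    nested under a high branch). Fixpoint over a flat statement list; a
    real slicer would work on a program dependence graph."""
    high_vars = set(high_inputs)
    sliced = {s.idx for s in stmts if s.defs & high_vars}   # the high sources
    changed = True
    while changed:
        changed = False
        for s in stmts:
            if s.idx in sliced:
                continue
            if (s.uses & high_vars) or (s.ctrl is not None and s.ctrl in sliced):
                sliced.add(s.idx)
                high_vars |= s.defs
                changed = True
    return sliced


def partition(stmts: List[Stmt], high_inputs: Set[str]) -> Tuple[List[Stmt], List[Stmt]]:
    """Split a program into (high component, low component)."""
    hi = high_slice(stmts, high_inputs)
    return [s for s in stmts if s.idx in hi], [s for s in stmts if s.idx not in hi]


# Constructed toy program (def/use sets stand in for a parsed AST).
PROGRAM = [
    Stmt(0, "pin = read_secret()",         frozenset({"pin"}),    frozenset()),
    Stmt(1, "guess = read_user()",         frozenset({"guess"}),  frozenset()),
    Stmt(2, "ok = (guess == pin)",         frozenset({"ok"}),     frozenset({"guess", "pin"})),
    Stmt(3, "if ok:",                      frozenset(),           frozenset({"ok"})),
    Stmt(4, "    banner = 'welcome'",      frozenset({"banner"}), frozenset(), ctrl=3),
    Stmt(5, "audit = 'attempt: ' + guess", frozenset({"audit"}),  frozenset({"guess"})),
    Stmt(6, "print(banner)",               frozenset(),           frozenset({"banner"})),
]


# Part 2: the refactored program with labels, an output check and one
# declassification point.
@dataclass(frozen=True)
class Labeled:
    value: object
    level: str


class OutputPolicyViolation(Exception):
    """Raised at an output point when a HIGH value would reach a LOW sink."""


DECLASSIFICATIONS: List[str] = []   # audit trail of every explicit release


def declassify(v: Labeled, reason: str) -> Labeled:
    """The only way a HIGH value becomes LOW; each use is recorded for review."""
    DECLASSIFICATIONS.append(reason)
    return Labeled(v.value, LOW)


def emit(sink_level: str, v: Labeled) -> str:
    """Output-point check enforcing the end-to-end policy."""
    if v.level == HIGH and sink_level == LOW:
        raise OutputPolicyViolation("high-labelled value reaching a low sink")
    return str(v.value)


class HighComponent:
    """Holds the code from the high slice; the low component reaches it only
    through these public methods."""

    def __init__(self, pin: str) -> None:
        self._pin = Labeled(pin, HIGH)

    def check_pin(self, guess: Labeled) -> Labeled:
        # Releases one bit (match / no match): the deliberate declassification.
        matched = Labeled(guess.value == self._pin.value, HIGH)
        return declassify(matched, reason="pin comparison result")

    def raw_pin(self) -> Labeled:
        return self._pin            # still HIGH: emitting it to a low sink fails


def low_component(high: HighComponent, guess: str) -> str:
    """The low component only ever sees what the high component declassifies."""
    ok = high.check_pin(Labeled(guess, LOW))
    banner = Labeled("welcome" if ok.value else "denied", ok.level)
    return emit(LOW, banner)


if __name__ == "__main__":
    hi, lo = partition(PROGRAM, {"pin"})
    print("high component:", [s.text for s in hi])
    print("low component: ", [s.text for s in lo])
    print(low_component(HighComponent("1234"), "1234"))
    try:
        emit(LOW, HighComponent("1234").raw_pin())
    except OutputPolicyViolation as e:
        print("blocked:", e)
```

On the toy program the slice pulls statements 0, 2, 3, 4 and 6 into the high component, including the final print, which is exactly the output point a labelling policy would reject. The refactored version therefore keeps the pin and the comparison behind HighComponent and declassifies only the one-bit result, so the low component's banner passes the output check while any attempt to emit the raw pin is blocked.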