Efficient implementation of lattice operations
ACM Transactions on Programming Languages and Systems (TOPLAS)
Program derivation by fixed point computation
Science of Computer Programming
Logic programming and databases
Logic programming and databases
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis
Journal of Computer Security
Finite Differencing of Computable Expressions
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Checking security of Java bytecode by abstract interpretation
Proceedings of the 2002 ACM symposium on Applied computing
Foundations of Databases: The Logical Level
Foundations of Databases: The Logical Level
Secrecy by Typing inSecurity Protocols
TACS '97 Proceedings of the Third International Symposium on Theoretical Aspects of Computer Software
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
Compile-Time Detection of Information Flow in Sequential Programs
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
SAS '95 Proceedings of the Second International Symposium on Static Analysis
Using the SCR* Toolset to Specify Software Requirements
WIFT '98 Proceedings of the Second IEEE Workshop on Industrial Strength Formal Specification Techniques
Fundamenta Informaticae - Concurrency specification and programming
From datalog rules to efficient programs with time and space guarantees
Proceedings of the 5th ACM SIGPLAN international conference on Principles and practice of declaritive programming
Abstract non-interference: parameterizing non-interference by abstract interpretation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Java bytecode verification for secure information flow
ACM SIGPLAN Notices
Generating optimized code from SCR specifications
Proceedings of the 2006 ACM SIGPLAN/SIGBED conference on Language, compilers, and tool support for embedded systems
Type inference and informative error reporting for secure information flow
Proceedings of the 44th annual Southeast regional conference
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Efficient trust management policy analysis from rules
Proceedings of the 9th ACM SIGPLAN international conference on Principles and practice of declarative programming
Generating Specialized Rules and Programs for Demand-Driven Analysis
AMAST 2008 Proceedings of the 12th international conference on Algebraic Methodology and Software Technology
Caching and incrementalisation in the java query language
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
From datalog rules to efficient programs with time and space guarantees
ACM Transactions on Programming Languages and Systems (TOPLAS)
The Non-Interference Protection in BML
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.00 |
This paper describes the design, analysis, and implementation of an efficient algorithm for information flow analysis expressed using a type system. Given a program and an environment of security classes for information accessed by the program, the algorithm checks whether the program is well typed, i.e., there is no information of higher security classes flowing into places of lower security classes according to a lattice of security classes, by inferring the highest or lowest security class as appropriate for each program node. We express the analysis as a set of Datalog-like rules based on the typing and subtyping rules, and we use a systematic method to generate specialized algorithms and data structures directly from the Datalog-like rules. The generated implementation traverses the program multiple times and uses a combination of linked and indexed data structures to represent program nodes, environments, and types. The time complexity of the algorithm is linear in the size of the input program, times the height of the lattice of security classes, plus a small overhead for preprocessing the security classes. This complexity is confirmed through our prototype implementation and experimental evaluation on code generated from high-level specifications for real systems.