Improving usability of information flow security in java
Proceedings of the 2007 workshop on Programming languages and analysis for security
ACM Transactions on Information and System Security (TISSEC)
Non-Interference for Deterministic Interactive Programs
Formal Aspects in Security and Trust
Integrating hardware and software information flow analyses
Proceedings of the 2009 ACM SIGPLAN/SIGBED conference on Languages, compilers, and tools for embedded systems
Efficient purely-dynamic information flow analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Proceedings of the 16th ACM conference on Computer and communications security
Efficient purely-dynamic information flow analysis
ACM SIGPLAN Notices
Just forget it: the semantics and enforcement of information erasure
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
A multi-compositional enforcement on information flow security
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Limiting information leakage in event-based communication
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
A semantic hierarchy for erasure policies
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Precise enforcement of progress-sensitive security
Proceedings of the 2012 ACM conference on Computer and communications security
Towards a practical secure concurrent language
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Enforcing information flow policies by a three-valued analysis
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
Journal of Computer Security - CSF 2010
| Hi-index | 0.00 |
Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing language-based security conditions founded on noninteractive models permit insecure information flows in interactive imperative programs. This paper formulates new strategy-based information-flow security conditions for a simple imperative programming language that includes input and output operators. The semantics of the language enables a fine-grained approach to the resolution of nondeterministic choices. The security conditions leverage this approach to prohibit refinement attacks while still permitting observable nondeterminism. Extending the language with probabilistic choice yields a corresponding definition of probabilistic noninterference. A soundness theorem demonstrates the feasibility of statically enforcing the security conditions via a simple type system. These results constitute a step toward understanding and enforcing information-flow security in real-world programming languages, which include similar input and output operators