Robustness links the confidentiality and integrity properties of a computing system: a robust system does not let an attacker's influence over the program (an integrity question) change what information the program releases (a confidentiality question). Robustness has been identified as a useful property for characterizing and enforcing security. Previous characterizations of robustness have been with respect to a single idealized attacker; this paper shows how to define robustness for systems with mutual distrust, where every principal is a potential attacker from some other principal's point of view. Further, we demonstrate that the decentralized label model (DLM) can be extended to support fine-grained reasoning about robustness in such systems. The DLM is a natural choice for capturing robustness requirements because decentralized labels are explicitly expressed in terms of principals, and the same principals can be used to characterize the power of attackers along both the confidentiality axis (what they can read) and the integrity axis (what they can influence). New rules are proposed for statically checking robustness and qualified robustness using an extended DLM; the resulting type system is shown to soundly enforce robustness. Finally, sound approximations are developed for checking programs with bounded but unknown label parameters, which is useful for security-typed languages whose code is polymorphic in its labels. In sum, the paper shows how to use robustness to gain assurance about secure information flow and information release in systems with complex security requirements.
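As an added illustration (not code from the paper, and a deliberate simplification of its typing rules), the following Python models DLM labels as owner-qualified reader and writer sets over an acts-for hierarchy and checks a single declassification against every principal treated as a potential attacker. The check encodes the intuition the abstract describes: a release is non-robust with respect to a principal that both gains read access through the release and can influence either the released data or the program counter under which the release happens. The principal names, hierarchy and labels are constructed for the example; endorsement (qualified robustness) and unknown label parameters, which the paper also handles, are omitted here.

```python
"""Toy decentralized-robustness check over simplified DLM labels (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

Principal = str
# (owner, named principals): {owner -> r1, r2} for confidentiality, {owner <- w1, w2} for integrity
Policy = Tuple[Principal, FrozenSet[Principal]]


class ActsFor:
    """Reflexive, transitive acts-for hierarchy: p acts for q means p wields q's authority."""

    def __init__(self, edges: Iterable[Tuple[Principal, Principal]] = ()):
        self._edges: Dict[Principal, Set[Principal]] = {}
        for p, q in edges:
            self._edges.setdefault(p, set()).add(q)

    def acts_for(self, p: Principal, q: Principal) -> bool:
        if p == q:
            return True
        seen, stack = {p}, [p]
        while stack:                      # depth-first walk of the delegation graph
            for nxt in self._edges.get(stack.pop(), ()):
                if nxt == q:
                    return True
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return False


def policy(owner: Principal, *named: Principal) -> Policy:
    return (owner, frozenset(named))


@dataclass(frozen=True)
class Label:
    """Simplified DLM label: every owner's policy must permit a principal for it to read/write."""
    confidentiality: FrozenSet[Policy] = frozenset()   # empty set = public
    integrity: FrozenSet[Policy] = frozenset()         # empty set = anyone may have influenced it

    @staticmethod
    def _permitted(policies: FrozenSet[Policy], p: Principal, h: ActsFor) -> bool:
        return all(h.acts_for(p, owner) or any(h.acts_for(p, x) for x in named)
                   for owner, named in policies)

    def can_read(self, p: Principal, h: ActsFor) -> bool:
        return self._permitted(self.confidentiality, p, h)

    def can_write(self, p: Principal, h: ActsFor) -> bool:
        return self._permitted(self.integrity, p, h)


def learns(attacker: Principal, frm: Label, to: Label, h: ActsFor) -> bool:
    """The release tells the attacker something new: unreadable before, readable after."""
    return not frm.can_read(attacker, h) and to.can_read(attacker, h)


def influences(attacker: Principal, frm: Label, pc: Label, h: ActsFor) -> bool:
    """The attacker may have affected the released value or the decision to release it."""
    return frm.can_write(attacker, h) or pc.can_write(attacker, h)


def non_robust_attackers(frm: Label, to: Label, pc: Label,
                         principals: Iterable[Principal], h: ActsFor) -> List[Principal]:
    """Principals for whom declassify(e : frm) to `to` under `pc` is not robust."""
    return sorted(a for a in principals if learns(a, frm, to, h) and influences(a, frm, pc, h))


def is_robust(frm: Label, to: Label, pc: Label, principals: Iterable[Principal], h: ActsFor) -> bool:
    return not non_robust_attackers(frm, to, pc, principals, h)


# Constructed scenario: chuck acts for bob, so chuck inherits bob's read and write power.
PRINCIPALS = ["alice", "bob", "chuck"]
H = ActsFor([("chuck", "bob")])
SECRET = Label(frozenset({policy("alice")}), frozenset({policy("alice")}))          # {alice->; alice<-}
TO_BOB = Label(frozenset({policy("alice", "bob")}), frozenset({policy("alice")}))   # {alice->bob; alice<-}
TRUSTED_PC = Label(integrity=frozenset({policy("alice")}))                          # only alice steers control flow
TAINTED = Label(frozenset({policy("alice")}), frozenset({policy("alice", "bob")}))  # {alice->; alice<-bob}
TAINTED_PC = Label(integrity=frozenset({policy("alice", "bob")}))                   # bob may steer control flow

if __name__ == "__main__":
    print("clean data, trusted pc:", non_robust_attackers(SECRET, TO_BOB, TRUSTED_PC, PRINCIPALS, H))
    print("bob-writable data:     ", non_robust_attackers(TAINTED, TO_BOB, TRUSTED_PC, PRINCIPALS, H))
    print("bob-writable pc:       ", non_robust_attackers(SECRET, TO_BOB, TAINTED_PC, PRINCIPALS, H))
```

The per-principal loop is what distinguishes this from a single-attacker check: alice never appears in the result because the release reveals nothing to her, bob is flagged only when a label lets him influence the data or the control flow, and chuck is flagged whenever bob is, purely because the hierarchy lets him act for bob.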