If we classify the variables of a program into various security levels, then a secure information flow analysis aims to verify statically that information in the program can flow only in ways consistent with the specified security levels. To make such analysis more practical, this paper proposes a novel type inference approach that gives programmers the freedom to specify the security levels of whichever variables are of interest, leaving the security levels of other variables to be inferred automatically. Type inference in this context is not new, but previous approaches have been based on gathering a set of subtyping constraints from the program, and then solving them with an abstract constraint solver. As a result, it has been difficult to report type errors to users in an informative way. Our inference approach stays closer to the original program, making it easier for us to explain precisely the source of each type error. We develop our type inference algorithm for a small imperative language with arrays, and prove that it is sound and complete. We also discuss our techniques for informative error reporting, and illustrate their effectiveness through examples.