Three partition refinement algorithms
SIAM Journal on Computing
Making abstract interpretations complete
Journal of the ACM (JACM)
A semantic approach to secure information flow
Science of Computer Programming - Special issue on mathematics of program construction
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Constructive design of a hierarchy of semantics of a transition system by abstract interpretation
Theoretical Computer Science
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A Per Model of Secure Information Flow in Sequential Programs
Higher-Order and Symbolic Computation
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Information transmission in computational systems
SOSP '77 Proceedings of the sixth ACM symposium on Operating systems principles
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Abstract non-interference: parameterizing non-interference by abstract interpretation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Proceedings of the 2006 workshop on Programming languages and analysis for security
Higher-Order and Symbolic Computation
Preserving secrecy under refinement
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
On the rôle of abstract non-interference in language-based security
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
An abstract interpretation-based refinement algorithm for strong preservation
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Adjoining declassification and attack models by abstract interpretation
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
The PER model of abstract non-interference
SAS'05 Proceedings of the 12th international conference on Static Analysis
Comparing completeness properties of static analyses and their logics
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Transforming Abstract Interpretations by Abstract Interpretation
SAS '08 Proceedings of the 15th international symposium on Static Analysis
A weakest precondition approach to active attacks analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Adjoining classified and unclassified information by abstract interpretation
Journal of Computer Security
A weakest precondition approach to robustness
Transactions on computational science X
Modelling declassification policies using abstract domain completeness
Mathematical Structures in Computer Science - Programming Language Interference and Dependence
Analyzing program dependencies for malware detection
Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014
| Hi-index | 0.00 |
This paper suggests the following approach for checking whether a program satisfies an information flow policy that may declassify secret information: (a) Compute a finite abstract domain that over-approximates the information released by the policy and (b) Check whether program execution may release more information than what is permitted by the policy by completing the finite abstract domain wrt. weakest liberal preconditions. Moreover, techniques based on the Paige-Tarjan algorithm for partition refinement can be used to generate counterexamples to a declassification policy: the counterexamples demonstrate that more information is released by the program than what the policy permits. Subsequently the policy can be refined so that the least amount of confidential information necessary for making the program secure is declassified.