Transformational typing and unification for automatically correcting insecure programs

  • Authors: Boris Köpf; Heiko Mantel
  • Affiliations: ETH Zurich, Information Security, Zurich, Switzerland; RWTH Aachen University, Department of Computer Science, Aachen, Germany
  • Venue: International Journal of Information Security
  • Year: 2007

Abstract

Before starting a rigorous security analysis of a given software system, the most likely outcome is often already clear, namely that the system is not entirely secure. Modifying a program such that it passes the analysis is a difficult problem and usually left entirely to the programmer. In this article, we show that and how unification can be used to compute such program transformations. This opens a new perspective on the problem of correcting insecure programs. We also demonstrate that integrating our approach into an existing transforming type system can improve the precision of the analysis and the quality of the resulting programs.