Explaining type errors in polymorphic languages
ACM Letters on Programming Languages and Systems (LOPLAS)
Catching bugs in the web of program invariants
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Tractable constraints in finite semilattices
Science of Computer Programming
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Compositional explanation of types and algorithmic debugging of type errors
Proceedings of the sixth ACM SIGPLAN international conference on Functional programming
Finding the source of type errors
POPL '86 Proceedings of the 13th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A maximum-flow approach to anomaly isolation in unification-based incremental type inference
POPL '86 Proceedings of the 13th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Trusted declassification:: high-level policy for a security-typed language
Proceedings of the 2006 workshop on Programming languages and analysis for security
Managing Policy Updates in Security-Typed Languages
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Type inference and informative error reporting for secure information flow
Proceedings of the 44th annual Southeast regional conference
Flow-insensitive type qualifiers
ACM Transactions on Programming Languages and Systems (TOPLAS)
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
From trusted to secure: building and executing applications that enforce system security
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
An Integrated Development Environment for Pattern Matching Programming
Electronic Notes in Theoretical Computer Science (ENTCS)
Polyglot: an extensible compiler framework for Java
CC'03 Proceedings of the 12th international conference on Compiler construction
A design for a security-typed language with certificate-based declassification
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Catch me if you can: permissive yet secure error handling
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
| Hi-index | 0.00 |
Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information leaks is a critical task in security-typed language application development. Unfortunately, because information flows can be quite subtle, simple error messages tend to be insufficient for finding and resolving the source of information leaks; more sophisticated development tools are needed for this task. To this end we provide a set of principles to guide the development of such tools. Furthermore, we implement a subset of these principles in an integrated development environment (IDE) for Jif, called Jifclipse, which is built on the Eclipse extensible development platform. Our plug-in provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. Better development tools are essential for making security-typed application development practical; Jifclipse is a first step in this process