Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
On the computational soundness of cryptographically masked flows
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow security of multi-threaded distributed programs
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Securing nonintrusive web encryption through information flow
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Cryptographically-masked flows
Theoretical Computer Science
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Trust management for secure information flows
Proceedings of the 15th ACM conference on Computer and communications security
A decision support system for secure information sharing
Proceedings of the 14th ACM symposium on Access control models and technologies
A metadata calculus for secure information sharing
Proceedings of the 16th ACM conference on Computer and communications security
Adversaries and information leaks (Tutorial)
TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Type-based analysis of PIN processing APIs
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Deductive verification of cryptographic software
Innovations in Systems and Software Engineering
Refinement types for secure implementations
ACM Transactions on Programming Languages and Systems (TOPLAS)
AuraConf: a unified approach to authorization and confidentiality
Proceedings of the 7th ACM SIGPLAN workshop on Types in language design and implementation
Secure information flow for distributed systems
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Formal verification of side-channel countermeasures using self-composition
Science of Computer Programming
| Hi-index | 0.00 |
Information-flow security policies are an appealing way of specifying confidentiality and integrity policies in information systems. Most previous work on language-based security has assumed that programs run in a closed, managed environment and that they use potentially unsafe constructs, such as declassification, to interface to external communication channels, perhaps after encrypting data to preserve its confidentiality. This situation is unsatisfactory for systems that need to communicate over untrusted channels or use untrusted persistent storage, since the connection between the cryptographic mechanisms used in the untrusted environment and the abstract security labels used in the trusted language environment is ad hoc and unclear. This paper addresses this problem in three ways: First, it presents a simple, security-typed language with a novel mechanism called packages that provides an abstract means for creating opaque objects and associating them with security labels; well-typed programs in this language enforce noninterference. Second, it shows how to implement these packages using public-key cryptography. This implementation strategy uses a variant of Myers and Liskov's decentralized label model, which supports a rich label structure in which mutually distrusting data owners can specify independent confidentiality and integrity requirements. Third, it demonstrates that this implementation of packages is sound with respect to Dolev-Yao style attackers such an attacker cannot determine the contents of a package without possessing the appropriate keys, as determined by the security label on the package.