Andrew C. Myers. Practical mostly-static information flow control. In Proceedings of the 26th ACM Symposium on Principles of Programming Languages, pages 228--241, San Antonio, Texas, January 1999. 20
....StackGuard [2] and FIST [5]. However, most of these tools are solely interested in buffer overflows. Another type of tool in the security assurance domain is the secure data flow tool. Examples of this tool are the taint version of Perl, and the JFlow programming language (a Java extension) [7]. In such tools data are labeled either untrusted or trusted. Untrusted data cannot be passed to trusted items without the programmer explicitly allowing it. Similarly, trusted data cannot be passed to untrusted items for fear of leaking secret information, unless explicitly declassified ....
A. Myers. Practical mostly-static information flow control. In Proceedings of ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Antonio, TX, January 1999.
....chance that a programmer would ever write insecure code. This goal is unrealistic. For example, determining whether untrusted data is able to affect trusted data in general is a complex problem; current solutions require the programmer to essentially annotate variables with a security policy [14]. Automating this task appears unrealistic. The C and C++ languages are unlikely to become inherently more secure anytime soon. To make up for this shortcoming, we believe that programming environments should attempt to ease the burden of writing secure software for the end programmer. For ....
....example, we discussed locating the places in the code where input to the program is possible. From there, the usual goal is to follow program flow to see what damage untrusted input can do. Static language support for such an analysis is now available for a subset of the Java programming language [14]. 8. Conclusion We have presented ITS4, a static analysis tool for C and C++. While its parsing model makes it poorly suited for highly accurate static analysis, the same model makes the tool very practical for real world use; even with some facility for a heuristic driven static analysis of the ....
A. Myers. Practical mostly-static information flow control. In Proceedings of ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Antonio, TX, January 1999.
....outputs do not depend on high security inputs. This independence property is often called the noninterference property [8, 9, 17] in the security literature: high security data does not interfere with the calculation of low security outputs. Fragments of the trust calculus [27] and JFlow [22, 23] also appear to satisfy the noninterference property (although this is not proved). Program analyses such as slicing, call tracking, and binding-time analysis are also based on dependency: the goal of these analyses is to compute a conservative approximation of the parts of a program that may ....
A. C. Myers. Practical mostly-static information flow control. In Conference Record of the Twenty-sixth Annual ACM Symposium on Principles of Programming Languages. ACM, 1999.
No context found.
Andrew C. Myers. Practical mostly-static information flow control. In Proceedings of the 26th ACM Symposium on Principles of Programming Languages, pages 228--241, San Antonio, Texas, January 1999. 20
CiteSeer.IST - Copyright Penn State and NEC