Results 1 - 10 of 2,884

Short Paper: On High-Assurance Information-Flow-Secure Programming Languages

by Toby Murray
"... ABSTRACT We argue that high-assurance systems require high-assurance information-flow-secure programming languages. As a step towards such languages, we present the, to our knowledge, first concurrent theory of information flow security that supports (1) compositional reasoning under dynamic assump ..."
Abstract - Add to MetaCart
ABSTRACT We argue that high-assurance systems require high-assurance information-flow-secure programming languages. As a step towards such languages, we present the, to our knowledge, first concurrent theory of information flow security that supports (1) compositional reasoning under dynamic

Language-Based Information-Flow Security

by Andrei Sabelfeld , Andrew C. Myers - IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS , 2003
"... Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker throug ..."
Abstract - Cited by 827 (57 self) - Add to MetaCart
through the attacker's observations of system output; this policy regulates information flow.

Certification of Programs for Secure Information Flow

by Dorothy E. Denning, Peter J. Denning , 1977
"... This paper presents a certification mechanism for verifying the secure flow of information through a program. Because it exploits the properties of a lattice structure among security classes, the procedure is sufficiently simple that it can easily be included in the analysis phase of most existing c ..."
Abstract - Cited by 490 (1 self) - Add to MetaCart
This paper presents a certification mechanism for verifying the secure flow of information through a program. Because it exploits the properties of a lattice structure among security classes, the procedure is sufficiently simple that it can easily be included in the analysis phase of most existing

Information-Flow Security for Interactive Programs

by Kevin R. O'Neill, Michael R. Clarkson, Stephen Chong
"... Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing langua ..."
Abstract - Cited by 44 (14 self) - Add to MetaCart
Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing

On High-Assurance Information-Flow-Secure

by Toby Murray
"... Early work on information flow security sought to develop theories for proving the absence of unwanted information leakage in high-assurance systems, like those that process classified data. Decades later, modern security-critical systems are more prevalent, face greater security threats, but are ra ..."
Abstract - Add to MetaCart
, but are rarely formally proved to be information-flow secure, not least because doing so remains fairly expensive [5]. Information-flow-secure programming languages, like Jif, JSFlow, LIO and Paragon, offer hope for reducing the cost of building information flow secure systems. However, they are ill

Information-Flow Security for Interactive Programs

by unknown authors
"... Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing languag ..."
Abstract - Add to MetaCart
Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing

Information-Flow Security for Interactive Programs

by unknown authors
"... Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing languag ..."
Abstract - Add to MetaCart
Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existing

Information-Flow Security for Interactive Programs

by unknown authors
"... Abstract. Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existi ..."
Abstract - Add to MetaCart
Abstract. Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further

Information-Flow Security for Interactive Programs

by unknown authors
"... Abstract. Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further, existi ..."
Abstract - Add to MetaCart
Abstract. Interactive programs allow users to engage in input and output throughout execution. The ubiquity of such programs motivates the development of models for reasoning about their information-flow security, yet no such models seem to exist for imperative programming languages. Further

Jflow: Practical mostly-static information flow control.

by Andrew C Myers - In Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, , 1999
"... Abstract A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too res ..."
Abstract - Cited by 584 (33 self) - Add to MetaCart
Abstract A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too
Results 1 - 10 of 2,884