Results 1 - 10 of 93
Language-Based Information-Flow Security
IEEE Journal on Selected Areas in Communications, 2003
Cited by 827 (57 self)
Abstract:
Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.
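The abstract above describes the policy; the standard way to enforce it statically is a security type system in the Volpano-Smith style, which labels every variable and rejects any assignment whose source label (the expression's label joined with the label of the enclosing guards) does not flow to the target. The following checker is an added illustration written for this listing, not code from any of the papers indexed here; the two-point lattice, the tuple-encoded syntax and the sample programs over a secret `h` and a public `l` are all constructed for the example.

```python
import operator
from typing import Any, Dict, Tuple

# Two-point security lattice: L (public) flows to H (secret), never the reverse.
LOW, HIGH = "L", "H"

def lub(a: str, b: str) -> str:
    """Least upper bound of two labels."""
    return HIGH if HIGH in (a, b) else LOW

def leq(a: str, b: str) -> bool:
    """True when data labelled a may flow into a location labelled b."""
    return a == LOW or b == HIGH

class InsecureFlow(Exception):
    """Raised when the type system rejects an assignment."""

# Expressions: ("const", n) | ("var", x) | ("op", f, e1, e2) with f a binary function.
# Statements:  ("skip",) | ("assign", x, e) | ("if", e, s_then, s_else)
#              | ("while", e, body) | ("seq", s1, s2, ...)

def type_expr(e: Tuple, env: Dict[str, str]) -> str:
    """Label of an expression: the join of the labels of the variables it reads."""
    if e[0] == "const":
        return LOW
    if e[0] == "var":
        return env[e[1]]
    if e[0] == "op":
        return lub(type_expr(e[2], env), type_expr(e[3], env))
    raise ValueError(f"bad expression {e!r}")

def type_stmt(s: Tuple, env: Dict[str, str], pc: str = LOW) -> None:
    """Check s under program-counter label pc; raise InsecureFlow on an illegal flow."""
    tag = s[0]
    if tag == "skip":
        return
    if tag == "assign":
        _, x, e = s
        # Explicit flow from e, plus implicit flow from every guard enclosing this statement.
        src = lub(pc, type_expr(e, env))
        if not leq(src, env[x]):
            raise InsecureFlow(f"{src}-labelled data assigned to {env[x]}-labelled {x}")
    elif tag in ("if", "while"):
        guard_pc = lub(pc, type_expr(s[1], env))   # bodies run under the guard's label
        for body in s[2:]:
            type_stmt(body, env, guard_pc)
    elif tag == "seq":
        for t in s[1:]:
            type_stmt(t, env, pc)
    else:
        raise ValueError(f"bad statement {s!r}")

def is_secure(prog: Tuple, env: Dict[str, str]) -> bool:
    try:
        type_stmt(prog, env)
        return True
    except InsecureFlow:
        return False

# A small interpreter so that a rejected program can be shown to actually leak.
def eval_expr(e: Tuple, store: Dict[str, Any]) -> Any:
    if e[0] == "const":
        return e[1]
    if e[0] == "var":
        return store[e[1]]
    return e[1](eval_expr(e[2], store), eval_expr(e[3], store))

def run(s: Tuple, store: Dict[str, Any], fuel: int = 10_000) -> Dict[str, Any]:
    tag = s[0]
    if tag == "assign":
        store[s[1]] = eval_expr(s[2], store)
    elif tag == "if":
        run(s[2] if eval_expr(s[1], store) else s[3], store, fuel)
    elif tag == "while":
        while eval_expr(s[1], store) and fuel > 0:   # fuel bounds runaway loops
            fuel -= 1
            run(s[2], store, fuel)
    elif tag == "seq":
        for t in s[1:]:
            run(t, store, fuel)
    return store

def low_outputs(prog: Tuple, env: Dict[str, str], store: Dict[str, Any]) -> Dict[str, Any]:
    """What a public observer sees after running prog from store."""
    final = run(prog, dict(store))
    return {x: v for x, v in final.items() if env[x] == LOW}

# Constructed sample programs over a secret h and a public l.
ENV = {"h": HIGH, "l": LOW}
EXPLICIT = ("assign", "l", ("var", "h"))                               # l := h
IMPLICIT = ("if", ("op", operator.gt, ("var", "h"), ("const", 0)),     # if h > 0 then l := 1 else l := 0
            ("assign", "l", ("const", 1)), ("assign", "l", ("const", 0)))
SECURE = ("seq", ("assign", "h", ("op", operator.add, ("var", "l"), ("const", 1))),   # h := l + 1
                 ("assign", "l", ("op", operator.mul, ("var", "l"), ("const", 2))))   # l := l * 2

if __name__ == "__main__":
    for name, prog in [("explicit", EXPLICIT), ("implicit", IMPLICIT), ("secure", SECURE)]:
        print(name, "accepted" if is_secure(prog, ENV) else "rejected")
    # Two runs that agree on l but differ on h: the rejected program lets h show in l.
    print(low_outputs(IMPLICIT, ENV, {"h": 0, "l": 5}), low_outputs(IMPLICIT, ENV, {"h": 7, "l": 5}))
```

Running it rejects both `l := h` (explicit flow) and `if h > 0 then l := 1 else l := 0` (implicit flow through the guard), and accepts the program that only moves public data into the secret variable. The interpreter confirms the rejection is not spurious: two runs of the implicit-flow program that agree on `l` but differ on `h` end with different public stores. One caveat a practitioner should keep in mind: this checker, like the basic systems it models, is termination-insensitive. `while h > 0 do skip` is accepted, although an observer who can tell whether the program halts still learns the sign of `h`; closing that channel needs a stricter condition than the one checked here.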
Observational determinism for concurrent program security
In Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW'03), 2003
Cited by 79 (9 self)
A new type system for deadlock-free processes
In CONCUR'06, volume 4137 of LNCS, 2006
Cited by 60 (4 self)
Abstract:
We extend a previous type system for the π-calculus that guarantees deadlock-freedom. The previous type systems for deadlock-freedom either lacked a reasonable type inference algorithm or were not strong enough to ensure deadlock-freedom of processes using recursion. Although the extension is fairly simple, the new type system admits type inference and is much more expressive than the previous type systems that admit type inference. In fact, we show that the simply-typed λ-calculus with recursion can be encoded into the deadlock-free fragment of our typed π-calculus. To enable analysis of realistic programs, we also present an extension of the type system to handle recursive data structures like lists. Both extensions have already been incorporated into the recent release of TyPiCal, a type-based analyzer for the π-calculus.
Type-Based Information Flow Analysis for the Pi-Calculus
Acta Informatica, 2003
Cited by 52 (10 self)
Abstract:
We propose a new type system for information flow analysis for the
A certified lightweight non-interference java bytecode verifier
European Symposium on Programming, Lecture Notes in Computer Science, 2007
Cited by 46 (7 self)
Abstract:
Non-interference is a semantical condition on programs that guarantees the absence of illicit information flow throughout their execution, and that can be enforced by appropriate information flow type systems. Much of previous work on type systems for non-interference has focused on calculi or high-level programming languages, and existing type systems for low-level languages typically omit objects, exceptions, and method calls, and/or do not prove formally the soundness of the type system. We define an information flow type system for a sequential JVM-like language that includes classes, objects, arrays, exceptions and method calls, and prove that it guarantees non-interference. For increased confidence, we have formalized the proof in the proof assistant Coq; an additional benefit of the formalization is that we have extracted from our proof a certified lightweight bytecode verifier for information flow. Our work provides, to our best knowledge, the first sound and implemented information flow type system for such an expressive fragment of the JVM.
Static Confidentiality Enforcement for Distributed Programs
2002
Cited by 45 (13 self)
Abstract:
Preserving the confidentiality of data in a distributed system is an increasingly important problem of current security research.
Type Systems for Concurrent Programs
Cited by 39 (3 self)
Abstract:
Type systems for programming languages help in reasoning about program behavior and in finding bugs early. Recent applications of type systems include analysis of various program behaviors such as side effects, resource usage, security properties, and concurrency. This paper is a tutorial on one such application: type systems for analyzing the behavior of concurrent processes. We start with a simple type system and extend it step by step to obtain more expressive type systems to reason about deadlock-freedom, safe usage of locks, etc.
Secure Information Flow via Linear Continuations
Higher-Order and Symbolic Computation, 2002
Cited by 39 (9 self)
Abstract:
Security-typed languages enforce secrecy or integrity policies by type-checking. This paper investigates continuation-passing style (CPS) as a means of proving that such languages enforce noninterference and as a first step towards understanding their compilation. We present a low-level, secure calculus with higher-order, imperative features and linear continuations.
Strong Normalisation in the π-Calculus
2001
Cited by 34 (18 self)
Abstract:
We introduce a typed π-calculus where strong normalisation is ensured by typability. Strong normalisation is a useful property in many computational contexts, including distributed systems. In spite of its simplicity, our type discipline captures a wide class of converging name-passing interactive behaviour. The proof of strong normalisability combines methods from typed λ-calculi and linear logic with process-theoretic reasoning. It is adaptable to systems involving state and other extensions. Strong normalisation is shown to have significant consequences, including finite axiomatisation of weak bisimilarity, a fully abstract embedding of the simply-typed λ-calculus with products and sums and basic liveness in interaction.
Securing interaction between threads and the scheduler in the presence of synchronization
In Proc. IEEE Computer Security Foundations Workshop, 2006
Cited by 34 (9 self)
Abstract:
The problem of information flow in multithreaded programs remains an important open challenge. Existing approaches to specifying and enforcing information-flow security often suffer from over-restrictiveness, relying on nonstandard semantics, lack of compositionality, inability to handle dynamic threads, inability to handle synchronization, scheduler dependence, and efficiency overhead for the code that results from security-enforcing transformations. This paper suggests a remedy for some of these shortcomings by developing a novel treatment of the interaction between threads and the scheduler. As a result, we present a permissive noninterference-like security specification and a compositional security type system that provably enforces this specification. The type system guarantees security for a wide class of schedulers and provides a flexible and efficiency-friendly treatment of dynamic threads.
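The abstract above lists scheduler dependence and lack of compositionality among the weaknesses of earlier approaches. The simulation below, an added example written for this listing and not code from the paper, shows the underlying problem, the internal timing channel: two threads that are each secure in isolation (the branch on the secret writes nothing, and both assignments to `l` store public constants) leak the secret once they are interleaved by a scheduler, because the branch changes how long the first thread takes to reach its write. The round-robin scheduler with unit-cost steps, the thread encodings and the variable names are all constructed for the example; the padded variant illustrates one known countermeasure (making both branches take the same number of steps), which is deliberately scheduler-specific and is not the treatment the paper proposes.

```python
from typing import Callable, Dict, List, Tuple

Step = Tuple  # ("skip",) or ("assign", variable, value); every step costs one scheduler slot

def thread_leaky(h: int) -> List[Step]:
    """if h != 0 then (skip; skip; skip) else (nothing); l := 1
    Sequentially secure: the branch on h writes nothing and l := 1 stores a public constant."""
    return ([("skip",)] * 3 if h else []) + [("assign", "l", 1)]

def thread_padded(h: int) -> List[Step]:
    """The same thread with the else branch padded so both branches take three steps."""
    return [("skip",)] * 3 + [("assign", "l", 1)]

def thread_resetter() -> List[Step]:
    """A second thread that writes l := 0 after one step, independent of h."""
    return [("skip",), ("assign", "l", 0)]

def round_robin(threads: List[List[Step]], store: Dict[str, int]) -> Dict[str, int]:
    """Deterministic round-robin scheduler: one step per live thread per round (an assumption)."""
    queues = [list(t) for t in threads]
    while any(queues):
        for q in queues:
            if q:
                step = q.pop(0)
                if step[0] == "assign":
                    store[step[1]] = step[2]
    return store

def public_output(build_thread: Callable[[int], List[Step]], h: int) -> int:
    """Final value of the public variable l when build_thread(h) runs beside the resetter."""
    store = {"h": h, "l": -1}
    round_robin([build_thread(h), thread_resetter()], store)
    return store["l"]

def leaks(build_thread: Callable[[int], List[Step]]) -> bool:
    """True when the public output depends on the secret input h."""
    return public_output(build_thread, 0) != public_output(build_thread, 1)

if __name__ == "__main__":
    for name, t in [("leaky", thread_leaky), ("padded", thread_padded)]:
        print(name, "h=0 -> l =", public_output(t, 0), "| h=1 -> l =", public_output(t, 1),
              "| leaks:", leaks(t))
```

With `h = 0` the leaky thread writes `l := 1` in the first round and the resetter overwrites it with `l := 0` in the second, so the public observer sees 0; with `h = 1` the three skips delay the write until after the reset and the observer sees 1. The final value of `l` is exactly `h`, even though neither thread would be rejected by a sequential information-flow type system. Padding the branch removes the dependence under this scheduler, but the fix is tied to the assumption that every step costs the same and that the scheduler is round-robin; change either and the channel can reopen, which is why the paper argues for a specification that accounts for the scheduler explicitly.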