  Untrusted hosts and confidentiality: Secure program partitioning (2001) [34 citations — 6 self]

by Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, Andrew C. Myers
In Proc. 18th ACM Symp. on Operating System Principles (SOSP
http://www.cs.cornell.edu/zdance/zznm01.ps

Abstract:

This paper presents secure program partitioning, a language-based technique for protecting confidential data during computation in distributed systems containing mutually untrusted hosts. Confidentiality and integrity policies can be expressed by annotating programs with security types that constrain information flow; these programs can then be partitioned automatically to run securely on heterogeneously trusted hosts. The resulting communicating subprograms collectively implement the original program, yet the system as a whole satisfies the security requirements of participating principals without requiring a universally trusted host machine. The experience in applying this methodology and the performance of the resulting distributed code suggest that this is a promising way to obtain secure distributed computation.

Citations

811 Proof-Carrying Code – Necula - 1997
556 Kerberos: An Authentication Service for Open Network Systems – Steiner, Neuman, et al. - 1988
545 The Common Object Request Broker: architecture and specification – OMG
483 From System F to typed assembly language – Morrisett, Walker, et al. - 1998
445 A survey of program slicing techniques – Tip - 1995
394 Secure computer systems: Unified exposition and MULTICS interpretation – Bell, LaPadula - 1976
340 A simple protocol for signing contracts – Goldreich
329 A lattice model of secure information flow – Denning - 1976
276 Enforceable Security Policies – Schneider - 2000
241 A sound type system for secure flow analysis – Volpano, Smith, et al. - 1996
231 Integrity considerations for secure computer systems – Biba - 1977
231 Certification of programs for secure information flow – Denning, Denning - 1977
230 JFlow: Practical Mostly-Static Information Flow Control – Myers - 1999
208 How to exchange secrets by oblivious transfer – Rabin - 1981
179 The SLam calculus: programming with secrecy and integrity – Heintze, Riecke - 1998
153 Secure information flow in a multithreaded imperative language – Smith, Volpano - 1998
148 A core calculus of dependency – Abadi, Banerjee, et al. - 1999
118 Unwinding and inference control – Goguen, Meseguer - 1984
115 SSH — secure login connections over the internet – Ylonen - 1996
99 Protecting privacy using the decentralized label model – Myers, Liskov - 2000
96 Transforming out timing leaks – Agat - 2000
86 Robust Declassification – Zdancewic, Myers - 2001
80 Probabilistic noninterference for multithreaded programs – Sabelfeld, Sands - 2000
80 Information Flow in Nondeterministic Systems – Wittbold, Johnson - 1990
68 Noninterference, transitivity, and channel-control security policies – Rushby - 1992
58 Information flow inference for free – Pottier, Conchon - 2000
47 Jif: Java Information Flow. Software release. Located at http://www.cs.cornell.edu/jif – Myers, Zheng, et al.
43 The Java Virtual Machine – Lindholm, Yellin - 1996
41 Verifying secrets and relative secrecy – Volpano, Smith - 2000
39 A new type system for secure information flow – Smith - 2001
38 Memoryless subsystems – Fenton - 1974
33 Trust in the λ-calculus – Palsberg, Orbaek - 1995
32 Secure program partitioning – Zdancewic, Zheng, et al. - 2002
31 Absorbing covers and intransitive noninterference – Pinsky
27 On the (im)possibility of basing oblivious transfer and bit commitment on weakened security assumptions – Damgard, Kilian, et al. - 1999
25 A Comparison of Two Distributed Systems: Amoeba and Sprite – Douglis, Kaashoek, et al. - 1990
25 Secure information flow and CPS – Zdancewic, Myers - 2001
23 A technique for proving specifications are multilevel secure – Feiertag - 1980
23 Property-Based Testing of Privileged Programs – Fink, Levitt - 1994
23 Security kernel validation in practice – Millen - 1976
17 Unravel: A CASE tool to assist evaluation of high integrity software. IR 5691 – Lyle, Wallace, et al. - 1995
17 A generic approach to the security of multi-threaded programs – Mantel, Sabelfeld - 2001
11 Fine-grained mobility in the Emerald system – Jul - 1988
9 A logical approach to multilevel security of probabilistic systems – Gray, Syverson - 1992
8 Information flow analysis of formal specifications – Millen - 1981