12,686 Hits in 6.2 sec

Language-based information-flow security

A. Sabelfeld, A.C. Myers
2003 IEEE Journal on Selected Areas in Communications  
We give a structured view of recent work in the area and identify some important open challenges.  ...  In this article we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies.  ...  ACKNOWLEDGMENT The authors would like to thank M. Hicks for helpful comments and the anonymous reviewers for useful feedback.  ... 
doi:10.1109/jsac.2002.806121 fatcat:elktqhzkyfcqhb7kcghzi4j3pe

Note on a simple type system for non-interference [article]

Steffen van Bakel, Maria Grazia Vigliotti
2011 arXiv   pre-print
The idea is to view channels as information carriers rather than as "events", so that emitting a secret on output channel can be considered safe, while inputting a secret may lead to some kind of leakage  ...  This is in contrast with the standard notion of noninterference for the process calculi where any causal dependency of low-level action from any high-level action is forbidden.  ...  She also observed that the P-BNDC is not closed under general contexts and provided the example reported in this paper. We gratefully acknowledge the Group MIMOSA at INRIA Sophia-Antipolis  ... 
arXiv:1109.4843v1 fatcat:5jmdxlyr25hcpbn7egoowhwuda

Information flow vs. resource access in the asynchronous pi-calculus

Matthew Hennessy, James Riely
2002 ACM Transactions on Programming Languages and Systems  
We propose an extension of the asynchronous π-calculus in which a variety of security properties may be captured using types.  ...  These are an extension of the input/output types for the π-calculus in which I/O capabilities are assigned specific security levels.  ...  ACKNOWLEDGMENTS The authors would like to thank I. Castellani for a careful reading of a draft version of the article and the referees for their many suggestions for improvement.  ... 
doi:10.1145/570886.570890 fatcat:4v5ru7f43bbf3pfmlqpdr4jsye

A Per Model of Secure Information Flow in Sequential Programs [chapter]

Andrei Sabelfeld, David Sands
1999 Lecture Notes in Computer Science  
This paper proposes an extensional semantics-based formal specification of secure information-flow properties in sequential programs based on representing degrees of security by partial equivalence relations  ...  The specification clarifies and unifies a number of specific correctness arguments in the literature, and connections to other forms of program analysis.  ...  In the usual terminology of information flow, we have considered possibilistic information flows.  ... 
doi:10.1007/3-540-49099-x_4 fatcat:64obrmgtujaozptj5hjxbazagy

The SLam calculus

Nevin Heintze, Jon G. Riecke
1998 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '98  
The types of the SLam calculus mingle security information with type information.  ...  Unfortunately, in classic information flow systems, data quickly floats to the highest level of security.  ... 
doi:10.1145/268946.268976 dblp:conf/popl/HeintzeR98 fatcat:uclq7dxrcnd25m5bevbpivwudm

A core calculus of dependency

Martín Abadi, Anindya Banerjee, Nevin Heintze, Jon G. Riecke
1999 Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '99  
To establish this thesis, we translate typed calculi for secure information flow, binding-time analysis, slicing, and call-tracking into DCC.  ...  The translations help clarify aspects of the source calculi. We also define a semantic model for DCC and use it to give simple proofs of noninterference results for each case.  ...  Anindya Banerjee is a member of the Church Project and is supported in part by NSF grant EIA-9806835.  ... 
doi:10.1145/292540.292555 dblp:conf/popl/AbadiBHR99 fatcat:di3m7hpk5bbe3eovu2n3zozhse

Flow Locks: Towards a Core Calculus for Dynamic Flow Policies [chapter]

Niklas Broberg, David Sands
2006 Lecture Notes in Computer Science  
a static view of security levels.  ...  The static verification of secure information flow has been a popular theme in recent programming language research, but information flow policies considered are based on multilevel security which presents  ...  This work was partly supported by the Swedish research agencies SSF, VR and Vinnova, and by the Information Society Technologies programme of the European Commission, Future and Emerging Technologies under  ... 
doi:10.1007/11693024_13 fatcat:gsf2ouwoxvhilnidxiv232b4yu

Enhancing Privacy Implementations of Database Enquiries

Florian Kammüller, Reiner Kammüller
2009 2009 Fourth International Conference on Internet Monitoring and Protection  
We would like to thank Jeff Sanders for helping us to get the initial understanding and the anonymous referees for constructive criticism.  ...  use existing formalizations of non-interference for the π calculus [7] to demonstrate information flow security.  ...  Some of these covert channels - the ones inherent in the logic of programs - can be identified by a painstaking information flow analysis [4].  ... 
doi:10.1109/icimp.2009.15 fatcat:mdpcdvmb4rhfxjkqi3nc3x5ugu

A Survey of Name-Passing Calculi and Crypto-Primitives [chapter]

Michele Bugliesi, Giuseppe Castagna, Silvia Crafa, Riccardo Focardi, Vladimiro Sassone
2004 Lecture Notes in Computer Science  
First, in trying to provide a coherent presentation of different ideas and techniques, one inevitably ends up leaving out the approaches that do not fit the intended roadmap.  ...  As a consequence, we decided to concentrate on few papers that introduce the main ideas, in the hope that discussing them in some detail will provide sufficient insight for further reading.  ...  In Section 5 we discuss the security π-calculus, a typed version of the asynchronous π-calculus, which applies type based techniques provide security resource access control and information flow security  ... 
doi:10.1007/978-3-540-24631-2_3 fatcat:cjtedz44njfzvntbdzpyj5hjga

Integration of a security type system into a program logic

Reiner Hähnle, Jing Pan, Philipp Rümmer, Dennis Walter
2008 Theoretical Computer Science  
Keywords: Language-based security; Information-flow analysis; Dynamic logic; Security type system; Formal verification. Abstract: Type systems and program logics are often thought to be at opposing ends of the  ...  In this paper we show that a flow-sensitive type system ensuring non-interference in a simple while-language can be expressed through specialised rules of a program logic.  ...  The comments of the anonymous reviewers helped to improve the paper in several respects.  ... 
doi:10.1016/j.tcs.2008.04.033 fatcat:byahnpjqynhtfgfctzfzy64m74

PicNIc - Pi-calculus non-interference checker

S. Crafa, M. Mio, M. Miculan, C. Piazza, S. Rossi
2008 2008 8th International Conference on Application of Concurrency to System Design  
PICNIC is a tool for verifying security properties of systems, namely non-interference properties of processes expressed as terms of the π-calculus with two security levels and declassification primitives  ...  Notably, PICNIC has been developed in Fresh O'CaML, a dialect of CaML with native support for binders and fresh/local names; thus, this work can be seen also as a non-trivial case study about the applicability  ...  In order to introduce a mechanism into the π-calculus for the secure downgrading of information, in [1] the syntax of the language has been enriched with a family of declassified actions of the form  ... 
doi:10.1109/acsd.2008.4574592 dblp:conf/acsd/CrafaMMPR08 fatcat:zfdnngkgpjhunlpnl2eo2oe6aq

Confinement for Active Objects [article]

Florian Kammueller
2014 arXiv   pre-print
We further provide a security type system for the programming model ASPfun of functional active objects. Type safety and a confinement property are presented. ASPfun thus realizes secure down calls.  ...  In this paper, we provide a formal framework for the security of distributed active objects. Active objects communicate asynchronously implementing method calls via futures.  ...  This constraint is what we expect for information flow security. If the guard of an if-then-else can only be typed in a H-P C then its branches must also be "lifted" to H.  ... 
arXiv:1405.0867v1 fatcat:kq2d4cfhzbg4xfu7z7e7atz52m

Transactional Correctness for Secure Nested Transactions [chapter]

Dominic Duggan, Ye Wu
2012 Lecture Notes in Computer Science  
This article considers correctness in terms of transactional properties for secure nested transactions. Correctness is expressed in terms of a labeled transition system, the TauZero calculus.  ...  Secure Nested Transactions are an adaptation of traditional nested transactions to support the synergy of language-based security and multi-level database security.  ...  We assume a security type system to prevent information flow leaks, by classifying data as High or Low. The details of this type system are provided in a technical report [7].  ... 
doi:10.1007/978-3-642-30065-3_11 fatcat:5xz25ugazfg7zl445zyeapveiq

Information flow safety in multiparty sessions

SARA CAPECCHI, ILARIA CASTELLANI, MARIANGIOLA DEZANI-CIANCAGLINI
2015 Mathematical Structures in Computer Science  
We propose a monitored semantics for this calculus, which blocks the execution of processes as soon as they attempt to leak information.  ...  We illustrate the use of this semantics with various examples, and show that the induced safety property is compositional and that it is strictly included between a typability property and a security property  ...  Acknowledgments We would like to thank Kohei Honda, Nobuko Yoshida and the anonymous referees for helpful feedback.  ... 
doi:10.1017/s0960129514000619 fatcat:7qtv7iawc5aq3noiqs2wwye77q

Liberalizing Dependency [article]

Avik Chaudhuri
2010 arXiv   pre-print
The dependency core calculus (DCC), a simple extension of the computational lambda calculus, captures a common notion of dependency that arises in many programming language settings.  ...  This notion of dependency is closely related to the notion of information flow in security; it is sensitive not only to data dependencies that cause explicit flows, but also to control dependencies that  ...  Introduction The dependency core calculus (DCC) [2] is a simple extension of the computational lambda calculus [20], where each level ℓ in a lattice is associated with a type constructor T_ℓ that behaves  ... 
arXiv:1004.1211v1 fatcat:gmwaci65gvgvjnhnwjkejekvjm
Showing results 1 — 15 out of 12,686 results