2 Hits in 2.6 sec

CoCon: A Conference Management System with Formally Verified Document Confidentiality

Andrei Popescu, Peter Lammich, Ping Hou
2020 Journal of automated reasoning  
We present a case study in formally verified security for realistic systems: the information flow security verification of the functional kernel of a web application, the CoCon conference management system  ...  Flow Security for Relational Databases".  ...  We are indebted to Andrew Tolmach for discovering CoCon's API layer bug and helping us to identify its cause.  ... 
doi:10.1007/s10817-020-09566-9 fatcat:fy7brseweveldhorib326lltoq

Enabling the Information Transfer between Architecture and Source Code for Security Analysis

Johannes Häring
Die Machbarkeit dieses Ansatzes wird in einer Fallstudie mit Java Object-sensitive ANAlysis und Confidentiality4CBSE evaluiert.  ...  On the source code view, there are JOANA [39] , KeY [32] or Reactive Information Flow Control for Java (JRIF) [40] .  ...  For example, an analysis based on UMLSec [31] can be constructed to analyze information ow and access control.  ... 
doi:10.5445/ir/1000142571 fatcat:u2vseiyr6vgb3pcy4tpwwm2thy