Filters








64,121 Hits in 8.6 sec

Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach

Vineeth Kashyap, Ben Wiedermann, Ben Hardekopf
2011 2011 IEEE Symposium on Security and Privacy  
The goal of this paper is to understand the subtleties of timing-and termination-sensitive noninterference, explore the space of possible strategies for enforcing noninterference guarantees, and formalize  ...  Secure information flow guarantees the secrecy and integrity of data, preventing an attacker from learning secret information (secrecy) or injecting untrusted information (integrity).  ...  Acknowledgements: We thank Frank Piessens, Dominique Devriese, and the anonymous reviewers for their comments on this paper.  ... 
doi:10.1109/sp.2011.19 dblp:conf/sp/KashyapWH11 fatcat:o7humqfjafcwjc2zwfk2q5kjdm

Language-based information-flow security

A. Sabelfeld, A.C. Myers
2003 IEEE Journal on Selected Areas in Communications  
Recently, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies.  ...  Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies.  ...  Hicks for helpful comments and the anonymous reviewers for useful feedback.  ... 
doi:10.1109/jsac.2002.806121 fatcat:elktqhzkyfcqhb7kcghzi4j3pe

Information Flow Security Certification for SPARK Programs [chapter]

Sandip Ghosal, R. K. Shyamasundar
2020 Lecture Notes in Computer Science  
In this paper, we propose an analysis to find information flow leaks in a SPARK program using a Dynamic Labelling (DL) approach for multi-level security (MLS) programs and describe an effective algorithm  ...  SPARK platform performs a rigorous data/information flow analysis to ensure the safety and reliability of a program.  ...  [17] was the first exploration towards the flow security in SPARK programs with the focus on termination-and progresssensitive information leaks.  ... 
doi:10.1007/978-3-030-49669-2_8 fatcat:4gpq2ipeobglvpt3qowed6fcem

Tracking Information Flow in Dynamic Tree Structures [chapter]

Alejandro Russo, Andrei Sabelfeld, Andrey Chudnov
2009 Lecture Notes in Computer Science  
This paper explores the problem of tracking information flow in dynamic tree structures.  ...  However, there is more to information flow in a script that runs in a browser than simple data and control-flow dependency.  ...  The paper has benefited from the comments of Christopher Kruegel, Peeter Laud, and the anonymous reviewers. This work was funded by the Swedish research agencies SSF and VR.  ... 
doi:10.1007/978-3-642-04444-1_6 fatcat:si47qnsfjrha5i4h3dguwv3oia

A Taxonomy of Information Flow Monitors [chapter]

Nataliia Bielova, Tamara Rezk
2016 Lecture Notes in Computer Science  
We analyse five widely explored information flow monitors: no-sensitiveupgrade (NSU), permissive-upgrade (PU), hybrid monitor (HM), secure multi-execution (SME), and multiple facets (MF).  ...  We propose a rigorous comparison of information flow monitors with respect to two dimensions: soundness and transparency.  ...  definition of TANI, and anonymous reviewers for feedback that helped to improve this paper.  ... 
doi:10.1007/978-3-662-49635-0_3 fatcat:qpfhbta57vdrrnjv3pjif53rii

Capabilities for information flow

Arnar Birgisson, Alejandro Russo, Andrei Sabelfeld
2011 Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security - PLAS '11  
This paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies.  ...  We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja.  ...  Arnar Birgisson is a recipient of the Google Europe Fellowship in Computer Security, and this research is supported in part by this Google Fellowship.  ... 
doi:10.1145/2166956.2166961 dblp:conf/pldi/BirgissonRS11 fatcat:whq4xzirhnggbkcinhifg5pzfi

Permissive dynamic information flow analysis

Thomas H. Austin, Cormac Flanagan
2010 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security - PLAS '10  
A key challenge in dynamic information flow analysis is handling implicit flows, where code conditional on a private variable updates a public variable x.  ...  This permissiveupgrade strategy is more flexible than the prior approaches such as the no-sensitive-upgrade check.  ...  CONCLUSION We present a permissive-upgrade semantics that tracks information flow in a more flexible manner than prior dynamic approaches, using a new label (P ) to permit partially leaked data without  ... 
doi:10.1145/1814217.1814220 dblp:conf/pldi/AustinF10 fatcat:kifky4vjy5bmxc74qsa4ny6yxu

We Are Family: Relating Information-Flow Trackers [chapter]

Musard Balliu, Daniel Schoepe, Andrei Sabelfeld
2017 Lecture Notes in Computer Science  
While information-flow security is a well-established area, there is an unsettling gap between heavyweight information-flow control, with formal guarantees yet limited practical impact, and lightweight  ...  This paper proposes a framework for exploring the middle ground in the range of enforcement from tainting (tracking data flows only) to fully-fledged information-flow control (tracking both data and control  ...  Acknowledgments This work was partly funded by the European Community under the ProSecuToR project and the Swedish research agency VR.  ... 
doi:10.1007/978-3-319-66402-6_9 fatcat:rntfzahwurdnpotvcyqagvxyvq

Stateless Code Model Checking of Information Flow Security [article]

Elaheh Ghassabani, Mohammad Abdollahi Azgomi
2016 arXiv   pre-print
In this paper, we propose a new method for verifying information flow security in concurrent programs. For the first time, we use stateless code model checking to verify observational determinism.  ...  Observational determinism is a security property that characterizes secure information flow for multithreaded programs.  ...  Type-based approach is insensitive to control flow and rejects many secure programs.  ... 
arXiv:1603.03533v1 fatcat:ifg37ha67bfxdken2xoahvnm5q

Information Flow Monitor Inlining

Andrey Chudnov, David A. Naumann
2010 2010 23rd IEEE Computer Security Foundations Symposium  
We show how to inline an information flow monitor, specifically a flow sensitive one previously proved to enforce termination insensitive noninterference.  ...  In recent years it has been shown that dynamic monitoring can be used to soundly enforce information flow policies.  ...  Acknowledgments: Ale Russo and Andrei Sabelfeld kindly shared drafts of their work and discussed it with us. Cormac Flanagan shared unpublished work on "no sensitive upgrade".  ... 
doi:10.1109/csf.2010.21 dblp:conf/csfw/ChudnovN10 fatcat:6lcqykyuonb5daxgtfk6yhqcqu

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Christian Hammer, Gregor Snelting
2009 International Journal of Information Security  
PDGs have been developed over the last 20 years as a standard device to represent information flow in a program, and today can handle realistic programs.  ...  We then augment PDGs with a lattice of security levels and introduce the flow equations for IFC. We describe algorithms for flow computation in detail and prove their correctness.  ...  Acknowledgements We thank Jens Krinke, who contributed to previous versions of this work, for ongoing discussions on IFC; and Frank Nodes for implementing the Eclipse integration.  ... 
doi:10.1007/s10207-009-0086-1 fatcat:ziiyafhqn5ed3epewrob2atp5u

Foundations for Parallel Information Flow Control Runtime Systems [chapter]

Marco Vassena, Gary Soeller, Peter Amidon, Matthew Chan, John Renner, Deian Stefan
2019 Research Series on the Chinese Dream and China's Development Path  
We present the foundations for a new dynamic information flow control (IFC) parallel runtime system, LIOPAR.  ...  We prove that LIOPAR is secure, i.e., it satisfies progress-and timing-sensitive non-interference, even when exposing clock and heap-statistics APIs.  ...  Introduction Language-level dynamic information flow control (IFC) is a promising approach to building secure software systems.  ... 
doi:10.1007/978-3-030-17138-4_1 dblp:conf/post/VassenaSACRS19 fatcat:yyvea7dydrd75bhyycsgxbn3iy

Quantitative information flow as network flow capacity

Stephen McCamant, Michael D. Ernst
2008 Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation - PLDI '08  
We present a new technique for determining how much information about a program's secret inputs is revealed by its public outputs.  ...  In contrast to previous techniques based on reachability from secret inputs (tainting), it achieves a more precise quantitative result by computing a maximum flow of information between the inputs and  ...  Acknowledgments This research was supported in part by DARPA under contracts FA8750-06-2-0189 and HR0011-06-1-0017, and by an NSF grant CCR-0133580.  ... 
doi:10.1145/1375581.1375606 dblp:conf/pldi/McCamantE08 fatcat:fbstuhgt2vdvlagskjekgcha24

Quantitative information flow as network flow capacity

Stephen McCamant, Michael D. Ernst
2008 SIGPLAN notices  
We present a new technique for determining how much information about a program's secret inputs is revealed by its public outputs.  ...  In contrast to previous techniques based on reachability from secret inputs (tainting), it achieves a more precise quantitative result by computing a maximum flow of information between the inputs and  ...  Acknowledgments This research was supported in part by DARPA under contracts FA8750-06-2-0189 and HR0011-06-1-0017, and by an NSF grant CCR-0133580.  ... 
doi:10.1145/1379022.1375606 fatcat:mzghmfy4lrcm3mogb7zc37p3ki

25 million flows later

Sebastian Lekies, Ben Stock, Martin Johns
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
context-sensitive exploit generation approach.  ...  high impact representative of such security issues.  ...  Acknowledgments This work was in parts supported by the EU Projects Web-Sand (FP7-256964) and STREWS (FP7-318097). The support is gratefully acknowledged.  ... 
doi:10.1145/2508859.2516703 dblp:conf/ccs/LekiesSJ13 fatcat:hulksuxs4neglgugpd5xbsz5ce
« Previous Showing results 1 — 15 out of 64,121 results