Internet Archive Scholar

An Automatic Inference of Minimal Security Types [chapter]

Dominik Bollmann, Steffen Lortz, Heiko Mantel, Artem Starostin
2015 Lecture Notes in Computer Science  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (530.8 kB)
https://web.archive.org/web/20170809152224/http://www.mais.informatik.tu-darmstadt.de/WebBibPHP/papers/2015/type-inference-iciss15.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Type-based information-flow analyses provide strong end-toend confidentiality guarantees for programs. Yet, such analyses are not easy to use in practice, as they require all information containers in a program to be annotated with security types, which is a tedious and error-prone task -if done manually. In this article, we propose a new algorithm for inferring such security types automatically. We implement our algorithm as an Eclipse plug-in, which enables software engineers to use it for
more » ... ifying confidentiality requirements in their programs. We experimentally show our implementation to be effective and efficient. We also analyze theoretical properties of our security-type inference algorithm. In particular, we prove it to be sound, complete, minimal, and of linear time-complexity in the size of the program analyzed.
doi:10.1007/978-3-319-26961-0_24 fatcat:yitkrwes7reu7cxqtqdgwgkwhe
Citation

Dominik Bollmann, Steffen Lortz, Heiko Mantel, Artem Starostin. "An Automatic Inference of Minimal Security Types." Lecture Notes in Computer Science (2015) 395-415