Enforcing Safety Properties Using Type Specialization

Thiemann, Peter

doi:10.1007/3-540-45309-1_5

Cited by 13 publications

(14 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the opposite, our approach consists in first defining an untyped translation, then letting the source type system arise from it. Thiemann's approach to security automata [10] is conceptually much closer to ours: he also starts with an untyped security-passing translation, whose output he then feeds through a standard program specializer, in order to automatically obtain an optimizing translation.…”

Section: Discussionmentioning

confidence: 99%

A Systematic Approach to Static Access Control

Pottier

Skalka

Smith

2001

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. The Java JDK 1.2 Security Architecture includes a dynamic mechanism for enforcing access control checks, so-called stack inspection. This paper studies type systems which can statically guarantee the success of these checks. We develop these systems using a new, systematic methodology: we show that the security-passing style translation, proposed by Wallach and Felten as a dynamic implementation technique, also gives rise to static security-aware type systems, by composition with conventional type systems. To define the latter, we use the general HM(X) framework, and easily construct several constraint-and unification-based type systems. They offer significant improvements on a previous type system for JDK access control, both in terms of expressiveness and in terms of readability of inferred type specifications.

show abstract

Section: Discussionmentioning

confidence: 99%

A Systematic Approach to Static Access Control

Pottier

Skalka

Smith

2001

Programming Languages and Systems

View full text Add to dashboard Cite

show abstract

“…Viewing dynamic as high and static as low we obtain the connection to security. The connection with partial evaluation has been explored by Sabelfeld and Sands [17], [85], Barthe and Serpette [8], and Thiemann [100].…”

Section: Covert Channelsmentioning

confidence: 99%

Language-based information-flow security

Sabelfeld

Myers

2003

IEEE J. Select. Areas Commun.

1,561

1,221

View full text Add to dashboard Cite

Abstract-Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow.Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Recently, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this article we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of recent work in the area and identify some important open challenges.

show abstract

“…Many authors [13,14,19,22] mix static and dynamic techniques to transform programs and make them obey a given policy. Our model allows for local, polyadic policies and events parametrized over dynamically created resources, while the above-mentioned papers only consider global policies and no parametrized events.…”

Section: Discussionmentioning

confidence: 99%

Model Checking Usage Policies

Bartoletti

Degano

Ferrari

et al. 2009

Trustworthy Global Computing

View full text Add to dashboard Cite

We propose a model for specifying, analysing and enforcing safe usage of resources. Our usage policies allow for parametricity over resources, and they can be enforced through finite state automata. The patterns of resource access and creation are described through a basic calculus of usages. In spite of the augmented flexibility given by resource creation and by policy parametrization, we devise an efficient (polynomial-time) model-checking technique for deciding when a usage is resource-safe, i.e. when it complies with all the relevant usage policies.

show abstract

Enforcing Safety Properties Using Type Specialization

Cited by 13 publications

References 29 publications

A Systematic Approach to Static Access Control

A Systematic Approach to Static Access Control

Language-based information-flow security

Model Checking Usage Policies

Contact Info

Product

Resources

About