Proceedings of the Eighth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security 2013
DOI: 10.1145/2465106.2465121
|View full text |Cite
|
Sign up to set email alerts
|

Faceted execution of policy-agnostic programs

Abstract: It is important for applications to protect sensitive data. Even for simple confidentiality and integrity policies, it is often difficult for programmers to reason about how the policies should interact and how to enforce policies across the program. A promising approach is policy-agnostic programming, a model that allows the programmer to implement policies separately from core functionality. Yang et al. describe Jeeves [48], a programming language that supports information flow policies describing how to rev… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
36
0

Year Published

2014
2014
2021
2021

Publication Types

Select...
5
2

Relationship

1
6

Authors

Journals

citations
Cited by 38 publications
(36 citation statements)
references
References 49 publications
(47 reference statements)
0
36
0
Order By: Relevance
“…While previous implementations of Jeeves [7,48] use Scala, we implement Jacqueline in Python, as an extension of Django [1], because of the popularity of both for web programming. Our code is available at https://github.com/ jeanqasaur/jeeves.…”
Section: Methodsmentioning
confidence: 99%
See 2 more Smart Citations
“…While previous implementations of Jeeves [7,48] use Scala, we implement Jacqueline in Python, as an extension of Django [1], because of the popularity of both for web programming. Our code is available at https://github.com/ jeanqasaur/jeeves.…”
Section: Methodsmentioning
confidence: 99%
“…This is because leaks often involve the results of computations on sensitive values, rather than sensitive values themselves. To reduce the opportunity for inadvertent leaks, we present a policy-agnostic approach [7,48]. Using this approach, the programmer factors out the implementation of information flow policies from application code and database queries.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…For example, Chen et al have shown how variational types can be used to recover from type errors during type inference [13] and improve the quality of type errors [12]. Similarly, variational data structures can support the efficient simulation of all possibilities in alternative programming models, such as probabilistic computing; to track context information that controls an algorithm, as in context-oriented programming [26]; or to maintain alternative views of sensitive values corresponding to different privacy policies [6,7,46].…”
Section: Motivating Examplesmentioning
confidence: 99%
“…Toward efficiently testing all variants, several researchers have explored executing a program on variational inputs by lifting a corresponding interpreter [33,34,37,45]. Variational interpreters have also been employed for computing with alternative privacy policies [6,7,46]. Values in the store of a variational interpreter are represented by variational data types.…”
Section: Related Workmentioning
confidence: 99%