Information flow inference for free

PottierFrançois,; ConchonSylvain,

doi:10.1145/357766.351245

Cited by 53 publications

(73 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The vast majority of research on non-interference concerns static analyses and involves type systems [3,27]. Some "real size" languages together with security type system have been developed (for example, JFlow/JIF [5] and FlowCaml [6]).…”

Section: Resultsmentioning

confidence: 99%

Automata-Based Confidentiality Monitoring

Guernic

Banerjee

Jensen

et al. 2007

Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues

View full text Add to dashboard Cite

Non-interference is typically used as a baseline security policy to formalize confidentiality of secret information manipulated by a program. In contrast to static checking of non-interference, this paper considers dynamic, automaton-based, monitoring of information flow for a single execution of a sequential program. The monitoring mechanism is based on a combination of dynamic and static analyses. During program execution, abstractions of program events are sent to the automaton, which uses the abstractions to track information flows and to control the execution by forbidding or editing dangerous actions. The mechanism proposed is proved to be sound, to preserve executions of well-typed programs (in the security type system of Volpano, Smith and Irvine), and to preserve some safe executions of ill-typed programs.

show abstract

Section: Resultsmentioning

confidence: 99%

Automata-Based Confidentiality Monitoring

Guernic

Banerjee

Jensen

et al. 2007

Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues

View full text Add to dashboard Cite

show abstract

“…Type-based analysis for secure information flow is applied to various languages such as simple imperative languages [20,21] and functional languages [4,14,15], object-oriented languages [9], and concurrent languages [6,7,17]. They are useful for conservatively proving that a program has secure information flow, but not at all for disproving it.…”

Section: Related Workmentioning

confidence: 99%

“…A number of type systems for secure information flow have recently been proposed [8,9,14,15,20,21]. Those type systems guarantee that well-typed programs never leak secret information, so that the problem of checking secure information flow is reduced to the problem of type checking.…”

Section: Introductionmentioning

confidence: 99%

Combining type-based analysis and model checking for finding counterexamples against non-interference

Unno

Kobayashi

Yonezawa

2006

Proceedings of the 2006 Workshop on Programming Languages and Analysis for Security

View full text Add to dashboard Cite

Type systems for secure information flow are useful for efficiently checking that programs have secure information flow. They are, however, conservative, so that they often reject safe programs as ill-typed. Accordingly, users have to check whether the rejected programs indeed have insecure flows. To remedy this problem, we propose a method for automatically finding a counterexample of secure information flow (input states that actually lead to leakage of secret information). Our method is a novel combination of typebased analysis and model checking; Suspicious execution paths (that may cause insecure information flow) are first found by using the result of a type-based information flow analysis, and then a model checker is used to check whether the paths are indeed unsafe. We have formalized and implemented the method. The result of preliminary experiments shows that our method can often find counterexamples faster than a method using a model checker alone.

show abstract

“…This model works well for systems incorporating mutual distrust, because labels specify on whose behalf the security policy operates. In particular, label ownership is used to control the use of selective declassification [34], a feature needed for realistic applications of information-flow control.…”

Section: Security Labelsmentioning

confidence: 99%

“…Information flow policies have been enforced using both dynamic [14,25] and language-based techniques [9,27,28,13,53,18,34,35,3,38]. Jif [29,31] is a full-scale implementation of a security-typed language.…”

Section: Related Workmentioning

confidence: 99%

Using replication and partitioning to build secure distributed systems

Zheng

Chong

Myers

et al.

Proceedings 19th International Conference on Data Engineering (Cat. No.03CH37405)

View full text Add to dashboard Cite

A challenging unsolved security problem is how to specify and enforce system-wide security policies; this problem is even more acute in distributed systems with mutual distrust. This paper describes a way to enforce policies for data confidentiality and integrity in such an environment. Programs annotated with security specifications are statically checked and then transformed by the compiler to run securely on a distributed system with untrusted hosts. The code and data of the computation are partitioned across the available hosts in accordance with the security specification. The key contribution is automatic replication of code and data to increase assurance of integrity-without harming confidentiality, and without placing undue trust in any host. The compiler automatically generates secure run-time protocols for communication among the replicated code partitions. Results are given from a prototype implementation applied to various distributed programs. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.

show abstract

Information flow inference for free

Cited by 53 publications

References 20 publications

Automata-Based Confidentiality Monitoring

Automata-Based Confidentiality Monitoring

Combining type-based analysis and model checking for finding counterexamples against non-interference

Using replication and partitioning to build secure distributed systems

Contact Info

Product

Resources

About