A Permission-Dependent Type System for Secure Information Flow Analysis
[article]
2017
arXiv
pre-print
We introduce a novel type system for enforcing secure information flow in an imperative language. ...
We take inspiration from a type system by Banerjee and Naumann (BN) to allow security types to be dependent on the permissions of the applications. ...
dependent noninterference. ...
arXiv:1709.09623v1
fatcat:twzprcwjprffbjzboulhflcaem
A Permission-Dependent Type System for Secure Information Flow Analysis
2018
2018 IEEE 31st Computer Security Foundations Symposium (CSF)
We introduce a novel type system for enforcing secure information flow in an imperative language. ...
We take inspiration from a type system by Banerjee and Naumann to allow security types to be dependent on the permissions of the applications. ...
A SECURE INFORMATION FLOW TYPE SYSTEM In this section, we present the proposed information flow type system. ...
doi:10.1109/csf.2018.00023
dblp:conf/csfw/ChenTXL18
fatcat:izwnkyhlxfbdll5o2o2mkz73eu
Security policy analysis using deductive spreadsheets
2007
Proceedings of the 2007 ACM workshop on Formal methods in security engineering - FMSE '07
This approach is introduced with a simple example of analyzing information flow allowed by RBAC policies and then applied in two case studies: analysis of computer system configurations and analysis of ...
This paper explores the use of deductive spreadsheets for security policy analysis. ...
Information-flow analysis determines possible information flows between security contexts or types. ...
doi:10.1145/1314436.1314443
dblp:conf/ccs/SinghRRSW07
fatcat:xzi4fnfgtneztfqq5uyc2yxdny
On modeling system-centric information for role engineering
2003
Proceedings of the eighth ACM symposium on Access control models and technologies - SACMAT '03
Not only can the information model provide those different authorities with a method for both analysis of resources and communication of knowledge in the RE process, but it can also help lay a foundation ...
Afterwards, we discuss two informational flow types among authorities involved in RE process, forward information flow (FIF) and backward information flow (BIF), together with the introduction of an information ...
This work was partially supported at the Laboratory of Information of Integration, Security and Privacy at the University of North Carolina at Charlotte by the grants from National Science Foundation ( ...
doi:10.1145/775412.775434
dblp:conf/sacmat/ShinACJ03
fatcat:c4czxddgkjboheu22lm56qs25u
On modeling system-centric information for role engineering
2003
Proceedings of the eighth ACM symposium on Access control models and technologies - SACMAT '03
Not only can the information model provide those different authorities with a method for both analysis of resources and communication of knowledge in the RE process, but it can also help lay a foundation ...
Afterwards, we discuss two informational flow types among authorities involved in RE process, forward information flow (FIF) and backward information flow (BIF), together with the introduction of an information ...
This work was partially supported at the Laboratory of Information of Integration, Security and Privacy at the University of North Carolina at Charlotte by the grants from National Science Foundation ( ...
doi:10.1145/775433.775434
fatcat:2fktlkbi5fe4rlkcg2ialcqzaq
Cassandra
2014
Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices - SPSM '14
We have proven that Cassandra's security analysis soundly detects all potential information leaks, i.e., all flows of information that violate a user's privacy policy. ...
Cassandra performs the security analysis of apps on a server. ...
Keller for contributing to an early version of Cassandra and the anonymous reviewers for providing valuable comments. ...
doi:10.1145/2666620.2666631
dblp:conf/ccs/LortzMSBSW14
fatcat:mw3ohk73vvdmbd3i64rzez5ekq
Dynamic vs. Static Flow-Sensitive Security Analysis
2010
2010 23rd IEEE Computer Security Foundations Symposium
A side implication is impossibility of permissive dynamic instrumented security semantics for information flow, which guides us to uncover an unsound semantics from the literature. ...
It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure programs. ...
Acknowledgments Thanks are due to Aslan Askarov, Arnar Birgisson, Andrey Chudnov, and Michael Hicks for interesting discussions. This work was funded by the Swedish research agencies SSF and VR. ...
doi:10.1109/csf.2010.20
dblp:conf/csfw/RussoS10
fatcat:5nxov6n47rehlhqfozdtb4td3y
The Transitivity of Trust Problem in the Interaction of Android Applications
[article]
2012
arXiv
pre-print
Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. ...
In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. ...
In another approach, type-based security combines annotations with dependence graph-based information flow control [27]. ...
arXiv:1204.1458v1
fatcat:ugbmbbqgb5gm3a2mlgfdej6lbm
Information flow based defensive chain for data leakage detection and prevention: a survey
[article]
2021
arXiv
pre-print
Research communities and industries have proposed many Information Flow Control (IFC) techniques for data leakage detection and prevention, including secure modeling, type system, static analysis, dynamic ...
We propose an information flow based defensive chain, which provides a new framework to systematically understand various IFC techniques for data leakage detection and prevention in Mobile and IoT applications ...
[107] proposed a security type system which integrates Denning's lattice-based secure information flow (SIF) framework into LUSTRE, which is a high-level abstract programming model for IoT apps. ...
arXiv:2106.04951v1
fatcat:apib4mmp3va43dv5he7xu3aay4
Finding Tizen security bugs through whole-system static analysis
[article]
2015
arXiv
pre-print
In this research, we describe the design and engineering of a static analysis engine which drives a full information flow analysis for apps and a control flow analysis for the full library stack. ...
With our tools, we found several unexpected behaviors in the Tizen system, including paths through the system libraries that did not have inline security checks. ...
They did not build a tool to detect flow vulnerabilities. They identify security risks for colluding applications in modern permission-based operating systems. ...
arXiv:1504.05967v1
fatcat:aegk3dxdtrgdnorhwndqoobwlm
Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model
2007
2007 IEEE Symposium on Security and Privacy (SP '07)
In this paper, we formally introduce Information-Based Access Control (IBAC), a novel security model that verifies that all and only the code responsible for a security-sensitive operation is sufficiently ...
Its purpose is to use stack inspection to verify that all the code responsible for a security-sensitive action is sufficiently authorized to perform that action. ...
Banerjee and Naumann [6] augment such a type system with an effect analysis for SBAC, and allow that a procedure's labeling may depend on the permissions authorized for it at runtime; noninterference ...
doi:10.1109/sp.2007.10
dblp:conf/sp/PistoiaBN07
fatcat:6klbjk245ja3nfieq7mxwwdbwe
A Hardware Design Language for Timing-Sensitive Information-Flow Security
2015
SIGPLAN notices
SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. ...
We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level. ...
Acknowledgments We thank Tao Chen, Chinawat Isradisaikul, Jed Liu, Dan Lo, Derek Lockhart, Stephen Longfield, Tom Magrino, Matthew Milano and the anonymous reviewers for their helpful suggestions. ...
doi:10.1145/2775054.2694372
fatcat:c2fvcf2jwzhzvg2hqqzfdlsmtm
A Hardware Design Language for Timing-Sensitive Information-Flow Security
2015
SIGARCH Computer Architecture News
SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. ...
We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level. ...
Acknowledgments We thank Tao Chen, Chinawat Isradisaikul, Jed Liu, Dan Lo, Derek Lockhart, Stephen Longfield, Tom Magrino, Matthew Milano and the anonymous reviewers for their helpful suggestions. ...
doi:10.1145/2786763.2694372
fatcat:kwvx44e2rbcr3k56ioidocat6u
Typing illegal information flows as program effects
2012
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security - PLAS '12
We present a type and effect system for determining the least permissive relaxation of a given confidentiality policy that allows to type a program, given a fixed security labeling. ...
Specification of information flow policies is classically based on a security labeling and a lattice of security levels that establishes how information can flow between security levels. ...
Acknowledgments The authors would like to thank the Indes team at INRIA and all anonymous reviewers for discussions and comments that have improved the final outcome of the paper. ...
doi:10.1145/2336717.2336718
dblp:conf/pldi/MatosS12
fatcat:l7gnpj6yzvgo5iuimyd54a2tnq
History-Based Access Control and Secure Information Flow
[chapter]
2005
Lecture Notes in Computer Science
The static analysis is a type and effects analysis where the chief novelty is the use of security types dependent on permission state. ...
The main contributions of this paper are to provide a semantics for history-based access control and a static analysis for confidentiality that takes history-based access control into account. ...
With respect to security type systems, the chief technical novelty was the use of a permission-dependent security type system and the formalization of noninterference for such a type system. ...
doi:10.1007/978-3-540-30569-9_2
fatcat:qj4gum6n3jawfbtgisvkyhxqau