ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Statically checking confidentiality via dynamic labels
Full text PdfPdf (196 KB)
Source Annual Symposium on Principles of Programming Languages archive
Proceedings of the 2005 workshop on Issues in the theory of security table of contents
Long Beach, California
Pages: 50 - 56  
Year of Publication: 2005
ISBN:1-58113-980-2
Authors
Bart Jacobs  Radboud University Nijmegen, Nijmegen, The Netherlands
Wolter Pieters  Radboud University Nijmegen, Nijmegen, The Netherlands
Martijn Warnier  Radboud University Nijmegen, Nijmegen, The Netherlands
Sponsor
SIGPLAN: ACM Special Interest Group on Programming Languages
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 22,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1045405.1045411
What is a DOI?

ABSTRACT

This paper presents a new approach for verifying confidentiality for programs, based on abstract interpretation. The framework is formally developed and proved correct in the theorem prover PVS. We use dynamic labeling functions to abstractly interpret a simple programming language via modification of security levels of variables. Our approach is sound and compositional and results in an algorithm for statically checking confidentiality.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Ádám Darvas, Reiner Hähnle, and Dave Sands. A theorem proving approach to analysis of secure information flow. In Roberto Gorrieri, editor, Workshop on Issues in the Theory of Security, WITS. IFIP WG 1.7, ACM SIGPLAN and GI FoMSESS, 2003.
 
2
Wolfgang Ahrendt, Thomas Baar, Bernhard Beckert, Richard Bubel, Martin Giese, Reiner Hähnle, Wolfram Menzel, Wojciech Mostowski, Andreas Roth, Steffen Schlager, and Peter H. Schmitt. The KeY tool. Software and System Modeling, 2003. To appear.
3
Marco Avvenuti , Cinzia Bernardeschi , Nicoletta De Francesco, Java bytecode verification for secure information flow, ACM SIGPLAN Notices, v.38 n.12, December 2003  [doi>10.1145/966051.966055]
 
4
Anindya Banerjee , David A. Naumann, Stack-based access control and secure information flow, Journal of Functional Programming, v.15 n.2, p.131-177, March 2005  [doi>10.1017/S0956796804005453]
 
5
Giles Barthe, Amitabh Basu, and Tamara Rezk. Security Types Preserving Compilation. In VMCAI'04 Proceedings, LNCS. Springer, Berlin, 2004.
 
6
K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR-3153, MITRE Corp., 1977.
 
7
Zhiqun Chen, Java Card Technology for Smart Cards: Architecture and Programmer's Guide, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2000
 
8
David R. Cok and Joseph R. Kiniry. ESC/Java2: Uniting ESC/Java and JML. Technical Report NIII-R0413, Nijmegen Institute for Computer and Information Sciences, 2004. available at http://www.cs.ru.nl/research/reports/info/NIII-R0413.html.
 
9
David R. Cok and Joseph R. Kiniry. ESC/Java2: Uniting ESC/Java and JML. In Proceedings of CASSIS: Construction and Analysis of Safe, Secure and Interoperable Smart devices, LNCS. Springer-Verlag, to appear. See the associated technical rapport {8}.

CITED BY  3
Gilles Barthe , Tamara Rezk , Amitabh Basu, Security types preserving compilation, Computer Languages, Systems and Structures, v.33 n.2, p.35-59, July, 2007
Nicoletta De Francesco , Luca Martini, Instruction-level security analysis for information flow in stack-based assembly languages, Information and Computation, v.205 n.9, p.1334-1370, September, 2007
M. Alba-Castro , M. Alpuente , S. Escobar , P. Ojeda , D. Romero, A Tool for Automated Certification of Java Source Code in Maude, Electronic Notes in Theoretical Computer Science (ENTCS), 248, p.19-29, August, 2009

INDEX TERMS

Keywords:
(Higher Order) theorem proving, abstract interpretation, confidentiality, formal verification, static analysis

Collaborative Colleagues:
Bart Jacobs: colleagues
Wolter Pieters: colleagues
Martijn Warnier: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player