ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A lattice model of secure information flow
Full text PdfPdf (693 KB)
Source
Communications of the ACM archive
Volume 19 ,  Issue 5  (May 1976) table of contents
Pages: 236 - 243  
Year of Publication: 1976
ISSN:0001-0782
Author
Dorothy E. Denning  Purdue Univ., West Lafayette, IN
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 46,   Downloads (12 Months): 370,   Citation Count: 215
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/360051.360056
What is a DOI?

ABSTRACT

This paper investigates mechanisms that guarantee secure information flow in a computer system. These mechanisms are examined within a mathematical framework suitable for formulating the requirements of secure information flow among security classes. The central component of the model is a lattice structure derived from the security classes and justified by the semantics of information flow. The lattice properties permit concise formulations of the security requirements of different existing systems and facilitate the construction of mechanisms that enforce security. The model provides a unifying view of all systems that restrict information flow, enables a classification of them according to security objectives, and suggests some new approaches. It also leads to the construction of automatic program certification mechanisms for verifying the secure flow of information through a program.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Gregory Richard Andrews, Cops--a protection mechanism for computer systems., 1974
 
2
Bell, D.E., and LaPadula, L.J. Secure computer systems: mathematical foundations and model. M74-244, The MITRE Corp., Bedford, Mass., May 1973.
 
3
Birkhoff, G. Lattice Theory. Amer. Math. Soc. Col. Pub., XXV, 3rd. ed., 1967.
 
4
Dorothy Elizabeth Robling Denning, Secure information flow in computer systems., 1975
 
5
Denning, D.E., Denning, P.J., and Graham, G.S. Selectively confined subsystems. Proc. International Workshop on Protection in Operating Systems. IRIA, Aug. 1974, pp. 55-61.
 
6
Fenton, J.S. Information protection systems. Ph.D. Th., U. of Cambridge, 1973.
 
7
Fenton, J.S. Memoryless subsystems. Computer J. 17, 2 (May 1974), 143-147.
 
8
Fenton, J.S. An abstract computer model demonstrating directional information flow. U. of Cambridge, 1974.
9
R. Stockton Gaines, An operating system based on the concept of a supervisory computer, Communications of the ACM, v.15 n.3, p.150-156, March 1972  [doi>10.1145/361268.361274]
 
10
Gat, I., and Saal, H.J. Memoryless execution: a programmer's viewpoint. IBM Tech. Rep. 025, IBM Israeli Scientific Center, March 1975.
 
11
Graham, G.S., and Denning, P.J. Protection-principles and practice. AFIPS Conf. Proc., Vol. 40, 1972 SJCC, AFIPS Press, Montvale, N.J., pp. 417-429.
12
Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, On protection in operating systems, Proceedings of the fifth ACM symposium on Operating systems principles, p.14-24, November 19-21, 1975, Austin, Texas, United States
 
13
Anita Katherine Jones, Protection in programmed systems., 1973
14
Anita K. Jones , Richard J. Lipton, The enforcement of security policies for computation, Proceedings of the fifth ACM symposium on Operating systems principles, p.197-206, November 19-21, 1975, Austin, Texas, United States
 
15
Lampson, B.W. Protection. Proc. Fifth Princeton Symposium on Information Sciences and Systems, Princeton U., March 1971, pp. 437-443.
16
Butler W. Lampson, A note on the confinement problem, Communications of the ACM, v.16 n.10, p.613-615, Oct. 1973  [doi>10.1145/362375.362389]
 
17
Marvin Lee Minsky, Computation: Finite and Infinite Machines, Prentice-Hall, Inc., Upper Saddle River, NJ, 1967
 
18
Elliott I. Organick, The Multics System: An Examination of Its Structure, The MIT Press, 1972
 
19
Rotenberg, L.J. Making computers keep secrets. Ph.D. Th., MIT, MAC TR-115, Feb. 1974.
20
Michael D. Schroeder , Jerome H. Saltzer, A hardware architecture for implementing protection rings, Communications of the ACM, v.15 n.3, p.157-170, March 1972  [doi>10.1145/361268.361275]
 
21
Stone, H.S. Discrete Mathematical Structures and their Applications. SRI, Chicago 1973.
 
22
Walter, K.G., et al. Modeling the security interface. Rep. No. 1158, Jennings Computing Center, Case Western Reserve U., Aug. 1974.
 
23
Weissman, C. Security controls in the ADEPT-50 time-sharing system. AFIPS Conf. Proc., Vol. 35, 1969 FJCC, AFIPS Press, Montvale, N.J., pp. 417-429.
24
W. Wulf , E. Cohen , W. Corwin , A. Jones , R. Levin , C. Pierson , F. Pollack, HYDRA: the kernel of a multiprocessor operating system, Communications of the ACM, v.17 n.6, p.337-345, June 1974  [doi>10.1145/355616.364017]

CITED BY  215
Richard E. Smith, Cost profile of a highly assured, secure operating system, ACM Transactions on Information and System Security (TISSEC), v.4 n.1, p.72-101, Feb. 2001
Dorothy E. Denning , Peter J. Denning, Data Security, ACM Computing Surveys (CSUR), v.11 n.3, p.227-249, Sept. 1979
Ellis Choen, Information transmission in computational systems, ACM SIGOPS Operating Systems Review, v.11 n.5, p.133-139, November 1977
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, High assurance discretionary access control for object bases, Proceedings of the 1st ACM conference on Computer and communications security, p.140-150, November 03-05, 1993, Fairfax, Virginia, United States
Glenn S. Benson , Ian F. Akyildiz , William F. Appelbe, A formal protection model of security in centralized, parallel, and distributed systems, ACM Transactions on Computer Systems (TOCS), v.8 n.3, p.183-213, Aug. 1990
Jonathon E. Tidswell , John M. Potter, A graphical definition of authorization schema in the DTAC model, Proceedings of the sixth ACM symposium on Access control models and technologies, p.109-120, May 2001, Chantilly, Virginia, United States
Robert H. Bonczek , James I. Cash , Andrew B. Whinston, A transformational grammar-based query processor for access control in a planning system, ACM Transactions on Database Systems (TODS), v.2 n.4, p.326-338, Dec. 1977
Richard P. Reitman , Gregory R. Andrews, Certifying information flow properties of programs: an axiomatic approach, Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.283-290, January 29-31, 1979, San Antonio, Texas
Robert P. Trueblood , H. Rex Hartson , Johannes J. Martin, MULTISAFE—a modular multiprocessing approach to secure database management, ACM Transactions on Database Systems (TODS), v.8 n.3, p.382-409, Sept. 1983
Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000
Robert Grimm , Brian N. Bershad, Separating access control policy, enforcement, and functionality in extensible systems, ACM Transactions on Computer Systems (TOCS), v.19 n.1, p.36-70, Feb. 2001
T. Y. Lin, Bell and LaPadula axioms: a “new” paradigm for an “old” model, Proceedings on the 1992-1993 workshop on New security paradigms, p.82-93, August 1993, Little Compton, Rhode Island, United States
Peter Chapin , Christian Skalka , X. Sean Wang, Risk assessment in distributed authorization, Proceedings of the 2005 ACM workshop on Formal methods in security engineering, November 11-11, 2005, Fairfax, VA, USA
Xavier Leroy , François Rouaix, Security properties of typed applets, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.391-403, January 19-21, 1998, San Diego, California, United States
Janice Glasgow , Glenn Macewen , Prakash Panangaden, A logic for reasoning about security, ACM Transactions on Computer Systems (TOCS), v.10 n.3, p.226-264, Aug. 1992
Matt Bishop , Lawrence Snyder, The transfer of information and authority in a protection system, Proceedings of the seventh ACM symposium on Operating systems principles, p.45-54, December 10-12, 1979, Pacific Grove, California, United States
M. Moriconi, A practical approach to semantic configuration management, ACM SIGSOFT Software Engineering Notes, v.14 n.8, p.103-113, Dec. 1989
Ravinderpal S. Sandhu, The NTree: a two dimension partial order for protection groups, ACM Transactions on Computer Systems (TOCS), v.6 n.2, p.197-222, May 1988
David Dobkin , Anita K. Jones , Richard J. Lipton, Secure databases: protection against user influence, ACM Transactions on Database Systems (TODS), v.4 n.1, p.97-106, March 1979
Richard P. Reitman, A mechanism for information control in parallel systems, Proceedings of the seventh ACM symposium on Operating systems principles, p.55-63, December 10-12, 1979, Pacific Grove, California, United States
Jan Vitek , Boris Bokowski, Confined types, ACM SIGPLAN Notices, v.34 n.10, p.82-96, Oct. 1999
Gregory R. Andrews, Parallel programs: proofs, principles, and practice, Communications of the ACM, v.24 n.3, p.140-145, March 1981
G. H. Chisholm , A. S. Wojcik, An Application of Formal Analysis to Software in a Fault-Tolerant Environment, IEEE Transactions on Computers, v.48 n.10, p.1053-1064, October 1999
Christian Skalka , Scott Smith, Static enforcement of security with types, ACM SIGPLAN Notices, v.35 n.9, p.34-45, Sept. 2000
Matt Bishop, Hierarchical Take-Grant Protection systems, ACM SIGOPS Operating Systems Review, v.15 n.5, p.109-122, December 1981
Gregory R. Andrews , Richard P. Reitman, An Axiomatic Approach to Information Flow in Programs, ACM Transactions on Programming Languages and Systems (TOPLAS), v.2 n.1, p.56-76, Jan. 1980
Jonathon E. Tidswell , Geoffrey H. Outhred , John M. Potter, Dynamic rights: safe extensible access control, Proceedings of the fourth ACM workshop on Role-based access control, p.113-120, October 28-29, 1999, Fairfax, Virginia, United States
Carl E. Landwehr , Constance L. Heitmeyer , John McLean, A security model for military message systems, ACM Transactions on Computer Systems (TOCS), v.2 n.3, p.198-222, Aug. 1984
Michael M. Swift , Peter Brundrett , Cliff Van Dyke , Praerit Garg , Anne Hopkins , Shannon Chan , Mario Goertzel , Gregory Jensenworth, Improving the granularity of access control in Windows NT, Proceedings of the sixth ACM symposium on Access control models and technologies, p.87-96, May 2001, Chantilly, Virginia, United States
Janice I. Glasgow , Glenn H. MacEwen, The development and proof of a formal specification for a multilevel secure system, ACM Transactions on Computer Systems (TOCS), v.5 n.2, p.151-184, May 1987
Andrew C. Myers , Barbara Liskov, A decentralized model for information flow control, ACM SIGOPS Operating Systems Review, v.31 n.5, p.129-142, Dec. 1997
Marianne Winslett , Kenneth Smith , Xiaolei Qian, Formal query languages for secure relational databases, ACM Transactions on Database Systems (TODS), v.19 n.4, p.626-662, Dec. 1994
Naoya Nitta , Hiroyuki Seki , Yashiaki Takata, Security verification of programs with stack inspection, Proceedings of the sixth ACM symposium on Access control models and technologies, p.31-40, May 2001, Chantilly, Virginia, United States
Selim G. Akl , Peter D. Taylor, Cryptographic solution to a problem of access control in a hierarchy, ACM Transactions on Computer Systems (TOCS), v.1 n.3, p.239-248, August 1983
Maureen Harris Cheheyl , Morrie Gasser , George A. Huff , Jonathan K. Millen, Verifying Security, ACM Computing Surveys (CSUR), v.13 n.3, p.279-339, Sept. 1981
Nick Feamster , Hari Balakrishnan, Towards a logic for wide-area Internet routing, ACM SIGCOMM Computer Communication Review, v.33 n.4, October 2003
Dale H. Grit , Dennis D. Georg, A top-down, laboratory based operating system course, ACM SIGCSE Bulletin, v.9 n.1, p.73-76, Feb 1977
Richard A. Kemmerer, Shared resource matrix methodology: an approach to identifying storage and timing channels, ACM Transactions on Computer Systems (TOCS), v.1 n.3, p.256-277, August 1983
P. Bieber , J. Cazin , P. Girard , J.-L. Lanet , V. Wiels , G. Zanon, Checking secure interactions of smart card applets: extended version, Journal of Computer Security, v.10 n.4, p.369-398, December 2002
Carl E. Landwehr, Formal Models for Computer Security, ACM Computing Surveys (CSUR), v.13 n.3, p.247-278, Sept. 1981
Paul A. Karger, The Lattice Security Model In A Public Computing Network, Proceedings of the 1978 annual conference, p.453-459, December 04-06, 1978, Washington, D.C., United States
Geoffrey Smith , Dennis Volpano, Secure information flow in a multi-threaded imperative language, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.355-364, January 19-21, 1998, San Diego, California, United States
David P. Reed , Rajendra K. Kanodia, Synchronization with eventcounts and sequencers, Communications of the ACM, v.22 n.2, p.115-123, Feb. 1979
Butler Lampson , Martín Abadi , Michael Burrows , Edward Wobber, Authentication in distributed systems: theory and practice, ACM SIGOPS Operating Systems Review, v.25 n.5, p.165-182, Oct. 1991
Ravi S. Sandhu, Lattice-Based Access Control Models, Computer, v.26 n.11, p.9-19, November 1993
Butler Lampson , Martín Abadi , Michael Burrows , Edward Wobber, Authentication in distributed systems: theory and practice, ACM Transactions on Computer Systems (TOCS), v.10 n.4, p.265-310, Nov. 1992
Naoya Nitta , Yoshiaki Takata , Hiroyuki Seki, An efficient security verification method for programs with stack inspection, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA
Guy Almes , George Robertson, An extensible file system for hydra, Proceedings of the 3rd international conference on Software engineering, p.288-294, May 10-12, 1978, Atlanta, Georgia, United States
Harry J. Saal , Israel Gat, A hardware architecture for controlling information flow, Proceedings of the 5th annual symposium on Computer architecture, p.73-77, April 03-05, 1978
Steven J. Greenwald, Discussion topic: what is the old security paradigm?, Proceedings of the 1998 workshop on New security paradigms, p.107-118, September 22-26, 1998, Charlottesville, Virginia, United States
David Rine, Possibility theory: As a means for modeling computer security and protection, Proceedings of the eighth international symposium on Multiple-valued logic, p.276-286, January 1978, Rosemont, Illinois, United States
Mark Yudkin, Resource management in a distributed system, ACM SIGCOMM Computer Communication Review, v.13 n.4, p.221-226, October 1983
Keishi Tajima, Static detection of security flaws in object-oriented databases, ACM SIGMOD Record, v.25 n.2, p.341-352, June 1996
Steven J. Greenwald, A new security policy for distributed resource management and access control, Proceedings of the 1996 workshop on New security paradigms, p.74-86, September 17-20, 1996, Lake Arrowhead, California, United States
Nevin Heintze , Jon G. Riecke, The SLam calculus: programming with secrecy and integrity, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.365-377, January 19-21, 1998, San Diego, California, United States
Peter J. Denning, Fault Tolerant Operating Systems, ACM Computing Surveys (CSUR), v.8 n.4, p.359-389, Dec. 1976
Dorothy E. Denning , Peter J. Denning, Certification of programs for secure information flow, Communications of the ACM, v.20 n.7, p.504-513, July 1977
R. Barbuti , C. Bernardeschi , N. De Francesco, Abstract interpretation of operational semantics for secure information flow, Information Processing Letters, v.83 n.2, p.101-108, 31 July 2002
Wm A. Wulf , Chenxi Wang , Darrell Kienzle, A new model of security for distributed systems, Proceedings of the 1996 workshop on New security paradigms, p.34-43, September 17-20, 1996, Lake Arrowhead, California, United States
Steve Zdancewic , Lantian Zheng , Nathaniel Nystrom , Andrew C. Myers, Untrusted hosts and confidentiality: secure program partitioning, ACM SIGOPS Operating Systems Review, v.35 n.5, Dec. 2001
Andrew C. Myers, JFlow: practical mostly-static information flow control, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.228-241, January 20-22, 1999, San Antonio, Texas, United States
Elisa Bertino , Sabrina De Capitani Di Vimercati , Elena Ferrari , Pierangela Samarati, Exception-based information flow control in object-oriented systems, ACM Transactions on Information and System Security (TISSEC), v.1 n.1, p.26-65, Nov. 1998
Samuel T. King , Peter M. Chen, Backtracking intrusions, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
C. Bodei , P. Degano , F. Nielson , H. Riis Nielson, Flow logic for Dolev-Yao secrecy in cryptographic processes, Future Generation Computer Systems, v.18 n.6, p.747-756, May 2002
Jonathon E. Tidswell , Trent Jaeger, An access control model for simplifying constraint expression, Proceedings of the 7th ACM conference on Computer and communications security, p.154-163, November 01-04, 2000, Athens, Greece
Niki Pissinou , Kia Makki , E. K. Park, Towards a framework for integrating multilevel secure models and temporal data models, Proceedings of the third international conference on Information and knowledge management, p.280-287, November 29-December 02, 1994, Gaithersburg, Maryland, United States
Steve Zdancewic , Lantian Zheng , Nathaniel Nystrom , Andrew C. Myers, Secure program partitioning, ACM Transactions on Computer Systems (TOCS), v.20 n.3, p.283-328, August 2002
Samuel T. King , Peter M. Chen, Backtracking intrusions, ACM Transactions on Computer Systems (TOCS), v.23 n.1, p.51-76, February 2005
Mark Hepburn , David Wright, Trust in the pi-calculus, Proceedings of the 3rd ACM SIGPLAN international conference on Principles and practice of declarative programming, p.103-114, September 05-07, 2001, Florence, Italy
Issa Traoré , Suraiya Khan, A protection scheme for collaborative environments, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
Jason Crampton, On permissions, inheritance and role hierarchies, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
Joerg Abendroth , Christian D. Jensen, A unified security framework for networked applications, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
Cungang Yang , Chang N. Zhang, An approach to secure information flow on Object Oriented Role-based Access Control model, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
David A. Gustafson, Control flow, data flow & data independence, ACM SIGPLAN Notices, v.16 n.10, p.13-19, October 1981
Heiko Mantel , Andrei Sabelfeld, A unifying approach to the security of distributed and multi-threaded programs, Journal of Computer Security, v.11 n.4, p.615-676, 01/01/2004
Shih-Chien Chou, Embedding role-based access control model in object-oriented systems to protect privacy, Journal of Systems and Software, v.71 n.1-2, p.143-161, April 2004
Roberto Giacobazzi , Isabella Mastroeni, Abstract non-interference: parameterizing non-interference by abstract interpretation, ACM SIGPLAN Notices, v.39 n.1, p.186-197, January 2004
Shiuh-Pyng Shieh , Wen-Her Yang, Protecting network users in mobile code systems, Journal of Parallel and Distributed Computing, v.64 n.2, p.191-200, February 2004
David K. Gifford, Cryptographic sealing for information secrecy and authentication, Communications of the ACM, v.25 n.4, p.274-286, April 1982
Johan Agat, Transforming out timing leaks, Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.40-53, January 19-21, 2000, Boston, MA, USA
Martín Abadi , Anindya Banerjee , Nevin Heintze , Jon G. Riecke, A core calculus of dependency, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.147-160, January 20-22, 1999, San Antonio, Texas, United States
Andrew C. Myers , Barbara Liskov, Protecting privacy using the decentralized label model, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.410-442, Oct. 2000
Alfred Kobsa , Jörg Schreck, Privacy through pseudonymity in user-adaptive systems, ACM Transactions on Internet Technology (TOIT), v.3 n.2, p.149-183, May 2003
Pierangela Samarati , Elisa Bertino , Alessandro Ciampichetti , Sushil Jajodia, Information Flow Control in Object-Oriented Systems, IEEE Transactions on Knowledge and Data Engineering, v.9 n.4, p.524-538, July 1997
Nael B. Abu-Ghazaleh , Dhananjay S. Phatak, Verification caching: towards efficient and secure mobile code execution environments, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain
Chii-Ren Tsai , Virgil D. Gligor , C. S. Shandersekaran, On the Identification of Covert Storage Channels in Secure Systems, IEEE Transactions on Software Engineering, v.16 n.6, p.569-580, June 1990
Yao-Wen Huang , Fang Yu , Christian Hang , Chung-Hung Tsai , Der-Tsai Lee , Sy-Yen Kuo, Securing web application code by static analysis and runtime protection, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA
Cleopas O. Angaye , Steven C. Hansen, Inferential security in individual computing environments, ACM SIGICE Bulletin, v.20 n.1, p.27-32, July 1994
Dorothy E. Denning, Embellishments to the note on information flow into arrays, ACM SIGSOFT Software Engineering Notes, v.5 n.2, p.15-16, April 1980
Computer Security in the Real World, Computer, v.37 n.6, p.37-46, June 2004
Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
Volkmar Lotz , Volker Kessler , Georg H. Walter, A Formal Security Model for Microprocessor Hardware, IEEE Transactions on Software Engineering, v.26 n.8, p.702-712, August 2000
Roshan K. Thomas , Ravi S. Sandhu, A Trusted Subject Architecture for Multilevel Secure Object-Oriented Databases, IEEE Transactions on Knowledge and Data Engineering, v.8 n.1, p.16-31, February 1996
Riccardo Pucella, Specifying confidentiality, ACM SIGACT News, v.35 n.4, December 2004
Shih-Chien Chou, Providing flexible access control to an information flow control model, Journal of Systems and Software, v.73 n.3, p.425-439, November-December 2004
Paul A. Karger , Mary Ellen Zurko , Douglas W. Bonin , Andrew H. Mason , Clifford E. Kahn, A Retrospective on the VAX VMM Security Kernel, IEEE Transactions on Software Engineering, v.17 n.11, p.1147-1165, November 1991
Li Gong , Xiaolei Qian, Enriching the Expressive Power of Security Labels, IEEE Transactions on Knowledge and Data Engineering, v.7 n.5, p.839-841, October 1995
Roberto Barbuti , Cinzia Bernardeschi , Nicoletta De Francesco, Checking security of Java bytecode by abstract interpretation, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain
Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
Michael M. Swift , Anne Hopkins , Peter Brundrett , Cliff Van Dyke , Praerit Garg , Shannon Chan , Mario Goertzel , Gregory Jensenworth, Improving the granularity of access control for Windows 2000, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.398-437, November 2002
Yasuhiko Minamide, Static approximation of dynamically generated Web pages, Proceedings of the 14th international conference on World Wide Web, May 10-14, 2005, Chiba, Japan
James W. Gray, III , Paul F. Syverson, A logical approach to multilevel security of probabilistic systems, Distributed Computing, v.11 n.2, p.73-90, April 1998
Shih-Chien Chou, An agent-based inter-application information flow control model, Journal of Systems and Software, v.75 n.1-2, p.179-187, 15 February 2005
R. S. Sandhu, Recognizing Immediacy in an N-Tree Hierarchy and its Application to Protection Groups, IEEE Transactions on Software Engineering, v.15 n.12, p.1518-1525, December 1989
C. Mohan, Survey of recent operating systems research, designs and implementations, ACM SIGOPS Operating Systems Review, v.12 n.1, p.53-89, January 1978
Luca Cardelli , Giorgio Ghelli , Andrew D. Gordon, Secrecy and group creation, Information and Computation, v.196 n.2, p.127-155, January 29, 2005
Yanjun Zuo , Brajendra Panda, Component based trust management in the context of a virtual organization, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Wen-Pai Lu , Malur K. Sundareshan, A Model for Multilevel Security in Computer Networks, IEEE Transactions on Software Engineering, v.16 n.6, p.647-659, June 1990
Petros Efstathopoulos , Maxwell Krohn , Steve VanDeBogart , Cliff Frey , David Ziegler , Eddie Kohler , David Mazières , Frans Kaashoek , Robert Morris, Labels and event processes in the asbestos operating system, ACM SIGOPS Operating Systems Review, v.39 n.5, December 2005
Shih-Chien Chou , Chin-Yi Chang, An information flow control model for C applications based on access control lists, Journal of Systems and Software, v.78 n.1, p.84-100, October 2005
Xinwen Zhang , Francesco Parisi-Presicce , Ravi Sandhu , Jaehong Park, Formal model and policy specification of usage control, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.351-387, November 2005
Wes Masri , Andy Podgurski, Using dynamic information flow analysis to detect attacks against applications, ACM SIGSOFT Software Engineering Notes, v.30 n.4, July 2005
Yolanta Beres , Chris I. Dalton, Dynamic label binding at run-time, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland
Mads Dam, Decidability and proof systems for language-based noninterference relations, ACM SIGPLAN Notices, v.41 n.1, p.67-78, January 2006
M. Moriconi , T. C. Winkler, Approximate Reasoning About the Semantic Effects of Program Changes, IEEE Transactions on Software Engineering, v.16 n.9, p.980-992, September 1990
Matunda Nyanchama , Sylvia Osborn, Role-based security: pros, cons, & some research directions, ACM SIGSAC Review, v.11 n.2, p.11-17, Spring 1993
Zbigniew Michalewicz, Statistical databases: their model, query language and security, Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management, p.391-402, September 27-29, 1983, Los Altos, California
Andrew C. Myers , Andrei Sabelfeld , Steve Zdancewic, Enforcing robust declassification and qualified robustness, Journal of Computer Security, v.14 n.2, p.157-196, January 2006
Micha Moffie , David Kaeli, ASM: application security monitor, ACM SIGARCH Computer Architecture News, v.33 n.5, December 2005
Scott F. Smith , Mark Thober, Refactoring programs to secure information flows, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada
Shih-Chien Chou , Yuan-Chien Chen, Managing role relationships in an information flow control model, Journal of Systems and Software, v.79 n.4, p.507-522, April 2006
Kyung Goo Doh , Seung Cheol Shin, Detection of information leak by data flow analysis, ACM SIGPLAN Notices, v.37 n.8, August 2002
Richard A. Kemmerer , Phillip A. Porras, Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels, IEEE Transactions on Software Engineering, v.17 n.11, p.1166-1185, November 1991
C. Bernardeschi , N. De Francesco , G. Lettieri , L. Martini, Checking secure information flow in java bytecode by code transformation and standard bytecode verification, Software—Practice & Experience, v.34 n.13, p.1225-1255, 10 November 2004
Boniface Hicks , Sandra Rueda , Trent Jaeger , Patrick McDaniel, From trusted to secure: building and executing applications that enforce system security, 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, p.1-14, June 17-22, 2007, Santa Clara, CA
Steve Vandebogart , Petros Efstathopoulos , Eddie Kohler , Maxwell Krohn , Cliff Frey , David Ziegler , Frans Kaashoek , Robert Morris , David Mazières, Labels and event processes in the Asbestos operating system, ACM Transactions on Computer Systems (TOCS), v.25 n.4, p.11-es, December 2007
Neil Vachharajani , Matthew J. Bridges , Jonathan Chang , Ram Rangan , Guilherme Ottoni , Jason A. Blome , George A. Reis , Manish Vachharajani , David I. August, RIFLE: An Architectural Framework for User-Centric Information-Flow Security, Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture, p.243-254, December 04-08, 2004, Portland, Oregon
Srijith K. Nair , Patrick N. D. Simpson , Bruno Crispo , Andrew S. Tanenbaum, A Virtual Machine Based Information Flow Control System for Policy Enforcement, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.1, p.3-16, February, 2008
Wes Masri , Andy Podgurski, An empirical study of the strength of information flows in programs, Proceedings of the 2006 international workshop on Dynamic systems analysis, May 23-23, 2006, Shanghai, China
Matthew Pirretti , Patrick Traynor , Patrick McDaniel , Brent Waters, Secure attribute-based systems, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
Mikko T. Siponen , Harri Oinas-Kukkonen, A review of information security issues and respective research contributions, ACM SIGMIS Database, v.38 n.1, February 2007
H. Rex Hartson, Architectural approaches to secure databases, ACM SIGSMALL Newsletter, v.6 n.1, p.16-24, June/July 1980
Kevin Borders , Xin Zhao , Atul Prakash, Securing sensitive content in a view-only file system, Proceedings of the ACM workshop on Digital rights management, October 30-30, 2006, Alexandria, Virginia, USA
Ravi Sandhu , Kumar Ranganathan , Xinwen Zhang, Secure information sharing enabled by Trusted Computing and PEI models, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
Katia Hristova , Tom Rothamel , Yanhong A. Liu , Scott D. Stoller, Efficient type inference for secure information flow, Proceedings of the 2006 workshop on Programming languages and analysis for security, June 10-10, 2006, Ottawa, Ontario, Canada
Trent Jaeger , Reiner Sailer , Umesh Shankar, PRIMA: policy-reduced integrity measurement architecture, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
Xinwen Zhang , Ravi Sandhu , Francesco Parisi-Presicce, Safety analysis of usage control authorization models, Proceedings of the 2006 ACM Symposium on Information, computer and communications security, March 21-24, 2006, Taipei, Taiwan
Jeffrey S. Foster , Robert Johnson , John Kodumal , Alex Aiken, Flow-insensitive type qualifiers, ACM Transactions on Programming Languages and Systems (TOPLAS), v.28 n.6, p.1035-1087, November 2006
Micha Moffie , Winnie Cheng , David Kaeli , Qin Zhao, Hunting Trojan Horses, Proceedings of the 1st workshop on Architectural and system support for improving software dependability, p.12-17, October 21-21, 2006, San Jose, California
Pasquale Malacaria, Assessing security threats of looping constructs, ACM SIGPLAN Notices, v.42 n.1, January 2007
Scott F. Smith , Mark Thober, Improving usability of information flow security in java, Proceedings of the 2007 workshop on Programming languages and analysis for security, June 14-14, 2007, San Diego, California, USA
Karl Mazurak , Steve Zdancewic, ABASH: finding bugs in bash scripts, Proceedings of the 2007 workshop on Programming languages and analysis for security, June 14-14, 2007, San Diego, California, USA
Han Chen , Pasquale Malacaria, Quantitative analysis of leakage for multi-threaded programs, Proceedings of the 2007 workshop on Programming languages and analysis for security, June 14-14, 2007, San Diego, California, USA
Sean W. Smith , Paul S. Pedersen, Organizing electronic services into security taxonomies, Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce, p.14-14, November 18-21, 1996, Oakland, California
Sharon Nachtigal, eBPSM: a new security paradigm for e-business organisations (e-business process security model), Proceedings of the ninth international conference on Electronic commerce, August 19-22, 2007, Minneapolis, MN, USA
Nicoletta De Francesco , Luca Martini, Instruction-level security analysis for information flow in stack-based assembly languages, Information and Computation, v.205 n.9, p.1334-1370, September, 2007
H. Rex Hartson , David K. Hsiao, A semantic model for data base protection languages, Proceedings of the second international conference on Systems for Large Data Bases, p.27-42, September 08-10, 1976, Brussels, Belgium, North Holland
Timothy E. Levin , Cynthia E. Irvine , Clark Weissman , Thuy D. Nguyen, Analysis of three multilevel security architectures, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
Deborah Downs , Gerald J. Popek, A Kernel design for a secure data base management system, Proceedings of the third international conference on Very large data bases, p.507-514, October 06-08, 1977, Tokyo, Japan
Wenjuan Xu , Mohamed Shehab , Gail-Joon Ahn, Visualization based policy analysis: case study in SELinux, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Pasquale Malacaria , Han Chen, Lagrange multipliers and maximum information leakage in different observational models, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Janus Dam Nielsen , Michael I. Schwartzbach, A domain-specific programming language for secure multiparty computation, Proceedings of the 2007 workshop on Programming languages and analysis for security, June 14-14, 2007, San Diego, California, USA
Stephen McCamant , Michael D. Ernst, A simulation-based proof technique for dynamic information flow, Proceedings of the 2007 workshop on Programming languages and analysis for security, June 14-14, 2007, San Diego, California, USA
Yi Hu , Zhichun Xiao , Brajendra Panda, Modeling deceptive information dissemination using a holistic approach, Proceedings of the 2007 ACM symposium on Applied computing, March 11-15, 2007, Seoul, Korea
M. Pistoia , S. Chandra , S. J. Fink , E. Yahav, A survey of static analysis methods for identifying security vulnerabilities in software systems, IBM Systems Journal, v.46 n.2, p.265-288, April 2007
Udo Halfmann , Winfried E. Kühnhauser, Embedding security policies into a distributed computing environment, ACM SIGOPS Operating Systems Review, v.33 n.2, p.51-64, April 1999
Xukai Zou , Yogesh Karandikar , Elisa Bertino, A dynamic key management solution to access hierarchy, International Journal of Network Management, v.17 n.6, p.437-450, November 2007
Feng Qin , Cheng Wang , Zhenmin Li , Ho-seop Kim , Yuanyuan Zhou , Youfeng Wu, LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks, Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture, p.135-148, December 09-13, 2006
Anindya Banerjee , David A. Naumann, Stack-based access control and secure information flow, Journal of Functional Programming, v.15 n.2, p.131-177, March 2005
Petros Efstathopoulos , Eddie Kohler, Manageable fine-grained information flow, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
Marvin Schaefer , Barry Gold , Richard Linde , John Scheid, Program confinement in KVM/370, Proceedings of the 1977 annual conference, p.404-410, January 1977
Giampaolo Bella , Stefano Bistarelli, Soft constraint programming to analysing security protocols, Theory and Practice of Logic Programming, v.4 n.5-6, p.545-572, September 2004
Salvador Cavadini, Secure slices of insecure programs, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
Andrew Simpson , Jim Woodcock , Jim Davies, Safety through Security, Proceedings of the 9th international workshop on Software specification and design, p.18, April 16-18, 1998
Masoom Alam , Jean-Pierre Seifert , Qi Li , Xinwen Zhang, Usage control platformization via trustworthy SELinux, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
P. Ørbæk , J. Palsberg, Trust in the λ-calculus, Journal of Functional Programming, v.7 n.6, p.557-591, November 1997
Steve Zdancewic , Andrew C. Myers, Secure Information Flow via Linear Continuations, Higher-Order and Symbolic Computation, v.15 n.2-3, p.209-234, September 2002
Andrei Sabelfeld , David Sands, A Per Model of Secure Information Flow in Sequential Programs, Higher-Order and Symbolic Computation, v.14 n.1, p.59-91, March 2001
Ciarán Bryce , Jan Vitek, The JavaSeal Mobile Agent Kernel, Autonomous Agents and Multi-Agent Systems, v.4 n.4, p.359-384, December 2001
Nickolai Zeldovich , Silas Boyd-Wickizer , David Mazières, Securing distributed systems with information flow control, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.293-308, April 16-18, 2008, San Francisco, California
Paritosh Shroff , Scott F. Smith , Mark Thober, Securing information flow via dynamic capture of dependencies, Journal of Computer Security, v.16 n.5, p.637-688, November 2008
Stephen McCamant , Michael D. Ernst, Quantitative information flow as network flow capacity, ACM SIGPLAN Notices, v.43 n.6, June 2008
Paul Graunke, Verified Safety and Information Flow of a Block Device, Electronic Notes in Theoretical Computer Science (ENTCS), 217, p.187-202, July, 2008
Dorina Ghindici , Gilles Grimaud , Isabelle Simplot-Ryl, Embedding verifiable information flow analysis, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
Maxwell Krohn , Alexander Yip , Micah Brodsky , Natan Cliffer , M. Frans Kaashoek , Eddie Kohler , Robert Morris, Information flow control for standard OS abstractions, ACM SIGOPS Operating Systems Review, v.41 n.6, December 2007
Nickolai Zeldovich , Silas Boyd-Wickizer , Eddie Kohler , David Mazières, Making information flow explicit in HiStar, Proceedings of the 7th symposium on Operating systems design and implementation, November 06-08, 2006, Seattle, Washington
Georgios Portokalidis , Herbert Bos, Eudaemon: involuntary and on-demand emulation against zero-day exploits, ACM SIGOPS Operating Systems Review, v.42 n.4, May 2008
Xinwen Zhang , Masayuki Nakae , Michael J. Covington , Ravi Sandhu, Toward a Usage-Based Security Framework for Collaborative Computing Systems, ACM Transactions on Information and System Security (TISSEC), v.11 n.1, p.1-36, February 2008
Cédric Fournet , Tamara Rezk, Cryptographically sound implementations for typed information-flow security, ACM SIGPLAN Notices, v.43 n.1, January 2008
Guo-Qiang Zhang, Mediating secure information flow policies, Information and Computation, v.205 n.9, p.1413-1425, September, 2007
Timon C. Du , Eldon Y. Li , Jacqueline W. Wong, Document access control in organisational workflows, International Journal of Information and Computer Security, v.1 n.4, p.437-454, October 2007
Tomoya Enokido, Concurrency control based on role concept, International Journal of High Performance Computing and Networking, v.5 n.1/2, p.75-83, November 2007
Sylvia Encheva , Sharil Tumin, Preventing conflict situations during authorization, WSEAS Transactions on Computers, v.7 n.4, p.265-272, April 2008
David Clark , Sebastian Hunt , Pasquale Malacaria, A static analysis for quantifying information flow in a simple imperative language, Journal of Computer Security, v.15 n.3, p.321-371, August 2007
Christian Skalka , X. Sean Wang , Peter Chapin, Risk management for distributed authorization, Journal of Computer Security, v.15 n.4, p.447-489, September 2007
Alan B. Shaffer , Mikhail Auguston , Cynthia E. Irvine , Timothy E. Levin, A security domain model to assess software for exploitable covert channels, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Brian J. Corcoran , Nikhil Swamy , Michael Hicks, Cross-tier, label-based security enforcement for web applications, Proceedings of the 35th SIGMOD international conference on Management of data, June 29-July 02, 2009, Providence, Rhode Island, USA
Nikhil Swamy , Michael Hicks, Verified enforcement of stateful information release policies, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Lantian Zheng , Andrew C. Myers, Securing nonintrusive web encryption through information flow, Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security, June 07-13, 2008, Tucson, AZ, USA
Terri Oda , Glenn Wurster , P. C. van Oorschot , Anil Somayaji, SOMA: mutual approval for included content in web pages, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
John McDermott , Leo Freitas, A formal security policy for xenon, Proceedings of the 6th ACM workshop on Formal methods in security engineering, p.43-52, October 27-27, 2008, Alexandria, Virginia, USA
Avik Chaudhuri , Prasad Naldurg , Sriram K. Rajamani , G. Ramalingam , Lakshmisubrahmanyam Velaga, EON: modeling and analyzing dynamic access control systems with logic programs, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Walter Chang , Brandon Streiff , Calvin Lin, Efficient and extensible security enforcement using dynamic data flow analysis, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Alejandro Russo , Koen Claessen , John Hughes, A library for light-weight information-flow security in haskell, Proceedings of the first ACM SIGPLAN symposium on Haskell, September 25-25, 2008, Victoria, BC, Canada
Dave King , Trent Jaeger , Somesh Jha , Sanjit A. Seshia, Effective blame for information-flow violations, Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, November 09-14, 2008, Atlanta, Georgia
Wes Masri , Andy Podgurski, Algorithms and tool support for dynamic information flow analysis, Information and Software Technology, v.51 n.2, p.385-404, February, 2009
Cynthia E. Irvine , Timothy E. Levin , Paul C. Clark , Thuy D. Nguyen, A security architecture for transient trust, Proceedings of the 2nd ACM workshop on Computer security architectures, October 31-31, 2008, Alexandria, Virginia, USA
Charles R. Young, A security policy for a profile-oriented operating system, Proceedings of the May 4-7, 1981, national computer conference, May 04-07, 1981, Chicago, Illinois
Manuel Costa , Jon Crowcroft , Miguel Castro , Antony Rowstron , Lidong Zhou , Lintao Zhang , Paul Barham, Vigilante: End-to-end containment of Internet worm epidemics, ACM Transactions on Computer Systems (TOCS), v.26 n.4, p.1-68, December 2008
Ram Krishnan , Ravi Sandhu , Jianwei Niu , William H. Winsborough, A conceptual framework for Group-Centric secure information sharing, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Tomoya Enokido , Valbona Barolli , Makoto Takizawa, A legal information flow (LIF) scheduler based on role-based access control model, Computer Standards & Interfaces, v.31 n.5, p.906-912, September, 2009
Marco Pistoia , Úlfar Erlingsson, Programming languages and program analysis for security: a three-year retrospective, ACM SIGPLAN Notices, v.43 n.12, December 2008
Nikhil Swamy , Michael Hicks, Verified enforcement of stateful information release policies, ACM SIGPLAN Notices, v.43 n.12, December 2008
Qingfeng He , Annie I. Antón, Requirements-based Access Control Analysis and Policy Specification (ReCAPS), Information and Software Technology, v.51 n.6, p.993-1009, June, 2009
Omer Tripp , Marco Pistoia , Stephen J. Fink , Manu Sridharan , Omri Weisman, TAJ: effective taint analysis of web applications, ACM SIGPLAN Notices, v.44 n.6, June 2009
Ziqing Mao , Ninghui Li , Hong Chen , Xuxian Jiang, Trojan horse resistant discretionary access control, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Serdar Cabuk , Carla E. Brodley , Clay Shields, IP Covert Channel Detection, ACM Transactions on Information and System Security (TISSEC), v.12 n.4, p.1-29, April 2009
Alexander Yip , Neha Narula , Maxwell Krohn , Robert Morris, Privacy-preserving browser-side scripting with BFlow, Proceedings of the fourth ACM european conference on Computer systems, April 01-03, 2009, Nuremberg, Germany
Han Chen , Pasquale Malacaria, Quantifying maximal loss of anonymity in protocols, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Tomoya Enokido , Makoto Takizawa, A purpose-based synchronisation protocol of multiple transactions in multi-agent systems, International Journal of Business Intelligence and Data Mining, v.4 n.1, p.99-117, May 2009
Indrajit Roy , Donald E. Porter , Michael D. Bond , Kathryn S. McKinley , Emmett Witchel, Laminar: practical fine-grained decentralized information flow control, ACM SIGPLAN Notices, v.44 n.6, June 2009
Avraham Shinnar , Marco Pistoia , Anindya Banerjee, A language for information flow: dynamic tracking in multiple interdependent dimensions, Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, June 15-21, 2009, Dublin, Ireland
Thomas H. Austin , Cormac Flanagan, Efficient purely-dynamic information flow analysis, Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, June 15-21, 2009, Dublin, Ireland
Sandra Rueda , Hayawardh Vijayakumar , Trent Jaeger, Analysis of virtual machine system policies, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Michael Stieghahn , Thomas Engel, Law-aware access control for international financial environments, Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access, June 29-29, 2009, Providence, Rhode Island

INDEX TERMS

Keywords:
information flow, lattice, program certification, protection, security, security class

Collaborative Colleagues:
Dorothy E. Denning: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player