Untrusted hosts and confidentiality: Secure program partitioning

Operating Systems Review (ACM)

Volumn 35, Issue 5, 2001, Pages 1-14

  Zdancewic, Steve ^a   Zheng, Lantian ^a   Nystrom, Nathaniel ^a   Myers, Andrew C ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); CRYPTOGRAPHY; DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC MAIL;

ACCESS CONTROL; SECURE PROGRAM PARTITIONING;

SECURITY OF DATA;

EID: 0036036793     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/502059.502036     Document Type: Article

References (51)

1. Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon Riecke. A core calculus of dependency. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), pages 147-160, San Antonio, TX, January 1999.
2. Johan Agat. Transforming out timing leaks. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), pages 40-53, Boston, MA, January 2000.
3. D. E. Bell and L. J. LaPadula. Secure computer system: Unified exposition and Multics interpretation. Technical Report ESD-TR-75-306, MITRE Corp. MTR-2997, Bedford, MA, 1975. Available as NTIS AD-A023 588.
4. K. J. Biba. Integrity considerations for secure computer systems. Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA, April 1977.
5. Cryptix. http://uww.cryptix.org/products/cryptix31/.
6. Ivan Damgård, Joe Kilian, and Louis Salvail. On the (im)possibility of basing oblivious transfer and bit commitment on weakened security assumptions. In Jacques Stern, editor, Advances in Cryptology - Proceedings of EUROCRYPT 99, LNCS 1592, pages 56-73. Springer, 1999.
7. Dorothy E. Denning. A lattice model of secure information flow. Comm. of the ACM, 19(5):236-243, 1976.
8. Dorothy E. Denning and Peter J. Denning. Certification of Programs for Secure Information Flow. Comm. of the ACM, 20(7):504-513, July 1977.
9. Department of Defense. Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD (The Orange Book) edition, December 1985.
10. Fred Douglis, John K. Ousterhout, M. Frans Kaashoek, and Andrew S. Tanenbaum. A comparison of two distributed systems: Amoeba and Sprite. ACM Transactions on Computer Systems, 4(4), Fall 1991.
11. S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. In R.L. Rivest, A. Sherman, and D. Chaum, editors, Advances in Cryptology: Proc. of CRYPTO 82, pages 205-210. Plenum Press, 1983.
12. Richard J. Feiertag. A technique for proving specifications are multilevel secure. Technical Report CSL-109, SRI International Computer Science Lab, Menlo Park, California, January 1980.
13. J. S. Fenton. Memoryless subsystems. Computing J., 17(2):143-147, May 1974.
14. George Fink and Karl Levitt. Property-based testing of privileged programs. In Proceedings of the 10th Annual Computer Security Applications Conference, pages 154-163, 1994.
15. J. A. Goguen and J. Meseguer. Unwinding and inference control. In Proc. IEEE Symposium on Security and Privacy, pages 75-86, April 1984.
16. J. W. Gray III and P. F. Syverson. A logical approach to multilevel security of probabilistic systems. In Proceedings of the IEEE Symposium on Security and Privacy, pages 164-176, 1992.
17. Nevin Heintze and Jon G. Riecke. The SLam calculus: Programming with secrecy and integrity. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 365-377, San Diego, California, January 1998.
18. Java secure socket extension (JSSE). http://java.sun.com/products/jsse/.
19. E. Jul et al. Fine-grained mobility in the Emerald system. ACM Transactions on Computer Systems, 6(1):109-133, February 1988.
20. T. Lindholm and F. Yellin. The Java Virtual Machine. Addison-Wesley, Englewood Cliffs, NJ, May 1996.
21. J. R. Lyle, D. R. Wallace, J. R. Graham, K. B. Gallagher, J. P. Poole, and D. W. Binkley. Unravel: A CASE tool to assist evaluation of high integrity software. IR 5691, NIST, 1995.
22. Heiko Mantel and Andrei Sabelfeld. A generic approach to the security of multi-threaded programs. In Proc. of the 14th IEEE Computer Security Foundations Workshop, pages 200-214. IEEE Computer Society Press, June 2001.
23. M. D. McIlroy and J. A. Reeds. Multilevel security in the UNIX tradition. Software - Practice and Experience, 22(8):673-694, August 1992.
24. Jonathan K. Millen. Security kernel validation in practice. Comm. of the ACM, 19(5):243-250, May 1976.
25. Jonathan K. Millen. Information flow analysis of formal specifications. In Proc. IEEE Symposium on Security and Privacy, pages 3-8, April 1981.
26. Greg Morrisett, David Walker, Karl Crary, and Neal Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3):528-569, May 1999.
27. Andrew C. Myers. JFlow: Practical mostly-static information flow control. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), pages 228-241, San Antonio, TX, January 1999.
28. Andrew C. Myers and Barbara Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, 2000.
29. Andrew C. Myers, Nathaniel Nystrom, Lantian Zheng, and Steve Zdancewic. Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001.
30. George C. Necula. Proof-carrying code. In Proc. 24th ACM Symp. on Principles of Programming Languages (POPL), pages 106-119, January 1997.
31. OMG. The Common Object Request Broker: Architecture and Specification, December 1991. OMG TC Document Number 91.12.1, Revision 1.1.
32. Platform for privacy preferences (P3P). http://www.w3.org/p3p.
33. Jens Palsberg and Peter Ørbaek. Trust in the λ-calculus. In Proc. 2nd International Symposium on Static Analysis, number 983 in Lecture Notes in Computer Science, pages 314-329. Springer, September 1995.
34. Sylvan Pinsky. Absorbing covers and intransitive non-interference. In Proc. IEEE Symposium on Security and Privacy, 1995.
35. François Pottier and Sylvain Conchon. Information flow inference for free. In Proc. 5th ACM SIGPLAN International Conference on Functional Programming (ICFP), pages 46-57, 2000.
36. M. Rabin. How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard Aiken Computation Laboratory, 1981.
37. Java remote method interface (RMI). http://java.sun.com/products/jdk/rmi/.
38. John Rushby. Noninterference, transitivity and channel-control security policies. Technical report, SRI, 1992.
39. Andrei Sabelfeld and David Sands. Probabilistic noninterference for multi-threaded programs. In Proc. of the 13th IEEE Computer Security Foundations Workshop, pages 200-214. IEEE Computer Society Press, July 2000.
40. Fred B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security, 2001. Also available as TR 99-1759, Computer Science Department, Cornell University, Ithaca, New York.
41. Geoffrey Smith. A new type system for secure information flow. In CSFW14, pages 115-125. IEEE Computer Society Press, jun 2001.
42. Geoffrey Smith and Dennis Volpano. Secure information flow in a multi-threaded imperative language. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 355-364, San Diego, California, January 1998.
43. J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. Technical report, Project Athena, MIT, Cambridge, MA, March 1988.
44. Frank Tip. A survey of program slicing techniques. Journal of Programming Languages, 3:121-189, 1995.
45. Dennis Volpano. Verifying secrets and relative secrecy. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), Boston, MA, January 2000.
46. Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167-187, 1996.
47. J. Todd Wittbold and Dale M. Johnson. Information flow in nondeterministic systems. In Proc. IEEE Symposium on Security and Privacy, pages 144-161, May 1990.
48. Tatu Ylonen. SSH - secure login connections over the Internet. In The Sixth USENIX Security Symposium Proceedings, pages 37-42, San Jose, California, 1996.
49. Steve Zdancewic and Andrew C. Myers. Robust declassification. In Proc. of the 14th IEEE Computer Security Foundations Workshop, pages 15-23, Cape Breton, Nova Scotia, Canada, June 2001.
50. Steve Zdancewic and Andrew C. Myers. Secure information flow and CPS. In Proc. of the 10th European Symposium on Programming, volume 2028 of Lecture Notes in Computer Science, pages 46-61, 2001.
51. Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. Secure program partitioning. Technical Report 2001-1846, Computer Science Dept., Cornell University, 2001.