Refactoring programs to secure information flows

PLAS 2006 - Proceedings of the 2006 Programming Languages and Analysis for Security Workshop

Volumn 2006, Issue , 2006, Pages 75-84

  Smith, Scott F ^a   Thober, Mark ^a  

^a JOHNS HOPKINS UNIVERSITY   (United States)

Author keywords

Declassification; Information flow; Refactoring; Slicing

Indexed keywords

DATA PROCESSING; FLOW CONTROL; LAW ENFORCEMENT; SECURITY OF DATA;

DECLASSIFICATION; INFORMATION FLOW; REFACTORING; SLICING;

COMPUTER PROGRAMMING LANGUAGES;

EID: 33745938077     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1134744.1134758     Document Type: Conference Paper

References (31)

1. Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon G. Riecke. A core calculus of dependency. In POPL '99: Proceedings of the 26th ACM SIGPLAN-SIGACT svmposium on Principles of programming languages, pages 147-160. New York, NY, USA, 1999. ACM Press.
2. Torben Amtoft and Anindya Banerjee. A logic for information flow analysis with an application to forward slicing of simple imperative programs. Science of Computer Programming. To appear.
3. Anindya Banerjee and David Naumann. Using access control for secure information flow in a java-like language. In Proc. IEEE Computer Security Foundations Workshop (CSFW), pages 155-169. IEEE Computer Society Press, 2003., 2003.
4. David E. Bell and Leonard J. LaPadula. Secure computer system: Unified exposition and multics interpretation. Technical Report MTR-2997, The MITRE Corporation, Bedford, MA, 1975.
5. David Brumley and Dawn Song. Privtrans: Automatically partitioning programs for privilege separation. In Proceedings of the 13th USENIX Security Symposium, August 2004.
6. Frank W. Calliss. Problems with automatic restructurera. SIGPLAN Notices, 23(3): 13-21, 1988.
7. Dorothy E. Denning. A lattice model of secure information flow. Commun. ACM, 19(5):236-243, 1976.
8. Mike Downen. Find out what's new with code access security in the .netframework2.0. http://msdn.microsoft.com/msdnmag/ issues/05/11/ CodeAccessSecurity/, November 2005.
9. Joseph A. Goguen and José Meseguer. Security policies and security models. In IEEE Symposium on Security and Privacy, pages 11-20, 1982.
10. GrammaTech, Inc. Codesurfer. http://www.grammatech.com/products/ codesurfer/index.html.
11. Christian Hammer, Jens Krinke, and Gregor Snelting. Information flow control for Java based on path conditions in dependence graphs. In IEEE International Symposium on Secure Software Engineering, 2006.
12. Kevin Heintze and Jon G. Riecke. The SLam calculus: Programming with secrecy and integrity. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 365-377, Jan. 1998.
13. Peng Li and Steve Zdancewic. Downgrading policies and relaxed noninterference. In POPL '05; Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pages 158-170, New York, NY, USA, 2005. ACM Press.
14. Tom Mens and Tom Tourwé. A survey of software refactoring. IEEE Transactions on Software Engineering, 30(2): 126-139, February 2004.
15. Andrew C. Myers. JFlow: Practical mostly-static information flow control. In Symposium on Principles of Programming Languages, pages 228-241, 1999.
16. Andrew C. Myers and Barbara Liskov. A decentralized model for information flow control. In Symposium on Operating Systems Principles, pages 129-142, 1997.
17. Franois Pettier and Vincent Simonet. Information flow inference for ML. In Proceedings of the 29th ACM Symposium on Principles of Programming Languages (POPL'02), pages 319-330, Portland, Oregon, January 2002.
18. Niels Provos, Markus Friedl, and Peter Honeyman. Preventing privilege escalation. In 12th USENIX Security Symposium, Washington, DC, August 2003.
19. Venkatesh Prasad Ranganath, Torben Amtoft, Anindya Banerjee, Matthew B. Dwyer, and John Hatcliff. Indus. http://indus.projects.cis.ksu.edu/.
20. Andrei Sabelfeld and Andrew C. Myers. Language-based information-flow security. IEEE Jounal on Selected Areas in Communications, 21(1), January 2003.
21. Scott F. Smith and Mark Thober. Securing data at Java IO boundaries, http://www.cs.jhu.edu/_mthober/securingdata06.pdf.Draft.
22. Gregor Snelting, Torsten Robschink, and Jens Krinke. Efficient path conditions in dependence graphs for software safety analysis. ACM Transactions on Software Engineering and Methodology. To appear.
23. Sun Microsystems, Inc, Security code guidelines. http://java.sun.com/ security/seccodeguide.html, February 2000.
24. Clemens Szyperski. Component Software; Beyond Object-Oriented Programming. Addison-Wesley, January 1998.
25. Frank Tip. A survey of program slicing techniques. Journal of programming languages, 3:121-189, 1995.
26. Lance Tokuda and Don Batory. Evolving object-oriented designs with refactorings. Automated Software Eng., 8(1):89-120, 2001.
27. Mathieu Verbaere. Program slicing for refactoring, 2003. MSc thesis, University of Oxford.
28. Dennis M. Volpano and Geoffrey Smith. A type-based approach to program security. In TAPSOFT, pages 607-621, 1997.
29. Mark Weiser. Program slicing. IEEE Trans. Softw. Eng., 10(4):352-357, July 1984.
30. Tatu Ylonen. Ssh client program, 1995.
31. Tutu Ylonen. Ssh manpage, Nov. 8 1995.