Run-time principals in information-flow type systems

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2004, Issue , 2004, Pages 179-193

  Tse, Stephen ^a   Zdancewic, Steve ^a  

^a UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION-FLOW TYPE SYSTEMS; INFRASTRUCTURES; RUN-TIME INFORMATION; SECURITY POLICIES;

AUTOMATIC TELLER MACHINES; COMPUTER OPERATING SYSTEMS; COMPUTER PROGRAMMING; DATA PROCESSING; DATABASE SYSTEMS; JAVA PROGRAMMING LANGUAGE; MATHEMATICAL MODELS; PROGRAM COMPILERS; SECURITY OF DATA;

INFORMATION TECHNOLOGY;

EID: 3543147869     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SECPRI.2004.1301323     Document Type: Conference Paper

References (36)

1. M. Abadi. On SDSI's linked local name spaces. Journal of Computer Security, 6(1-2):3-21, 1998.
2. M. Abadi, A. Banerjee, N. Heintze, and J. Riecke. A core calculus of dependency. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), pages 147-160, San Antonio, TX, Jan. 1999.
3. M. Abadi, M. Burrows, B. W. Lampson, and G. D. Plotkin. A calculus for access control in distributed systems. Transactions on Programming Languages and Systems, 15(4):706-734, Sept. 1993.
4. J. Agat. Transforming out timing leaks. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), pages 40-53, Boston, MA, Jan. 2000.
5. D. Aspinall, Subtyping with Singleton Types. In Computer Science Logic, 1994.
6. A. Banerjee and D. A. Naumann. Secure information flow and pointer confinement in a java-like language. In Proc. of the 15th IEEE Computer Security Foundations Workshop, 2002.
7. A. Banerjee and D. A. Naumann. Using access control for secure information flow in a Java-like language. In Proc. of the 16th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, June 2003.
8. K. Crary, D. Walker, and G. Morrisett. Typed memory management in a calculus of capabilities. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), pages 262-275, San Antonio, Texas, Jan. 1999.
9. K. Crary, S. Weirich, and G. Morrisett. Intensional polymorphism in type erasure semantics. Journal of Functional Programming, 12(6):567-600, Nov. 2002.
10. C. Fournet and A. Gordon. Stack inspection: Theory and variants. In Proc. 29th ACM Symp. on Principles of Programming Languages (POPL), pages 307-318, 2002.
11. M. Gasserand E. McDermott. An architecture for practical delegation in a distributed system. In Proc. IEEE Symposium on Security and Privacy, pages 20-30. IEEE Computer Society Press, 1990.
12. J. A. Goguen and J. Meseguer. Security policies and security models. In Proc. IEEE Symposium on Security and Privacy, pages 11-20. IEEE Computer Society Press, Apr. 1982.
13. C. A. Gunter and T. Jim. Generalized certificate revocation. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), pages 316-329, Boston, Massachusetts, Jan. 2000. ACM Press.
14. N. Heintze and J. G. Riecke. The SLam calculus: Programming with secrecy and integrity. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 365-377, San Diego, California, Jan. 1998.
15. J. Howell and D. Kotz. End-to-end authorization. In Proc. USENIX Symp. on Operating Systems Design and Implementation (OSDI), pages 151-164, 2000.
16. T. Jim. SD3: a trust management system with certificate revocation. In IEEE Symposium on Security and Privacy, pages 106-115, 2001.
17. P. Jouvelot and D. K. Gifford. Algebraic reconstruction of types and effects. In A CM Symposium on Principles of Programming Languages, pages 303-310, Jan. 1991.
18. P. Li, Y. Mao, and S. Zdancewic. Information integrity policies. In Proceedings of the Workshop on Formal Aspects in Security & Trust (FAST), Sept. 2003.
19. J. C. Mitchell. Foundations for Programming Languages. Foundations of Computing Series. The MIT Press, 1996.
20. A. C. Myers, S. Chong, N. Nystrom, L. Zheng, and S. Zdancewic. Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif.
21. A. C. Myers and B. Liskov. Complete, safe information flow with decentralized labels. In Proc. IEEE Symposium on Security and Privacy, pages 186-197, Oakland, CA, USA, May 1998.
22. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, 2000.
23. B. C. Pierce. Types and Programming Languages. MIT Press, 2002.
24. F. Pottier and S. Conchon. Information flow inference for free. In Proc. 5th ACM SIGPLAN International Conference on Functional Programming (ICFP), pages 46-57, Sept. 2000.
25. F. Pottier and V. Simonet. Information flow inference for ML. In Proc. 29th ACM Symp. on Principles of Programming Languages (POPL), Portland, Oregon, Jan. 2002.
26. F. Pottier, C. Skalka, and S. F. Smith. A Systematic Approach to Static Access Control. In European Symposium on Programming, 2001.
27. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, Jan. 2003.
28. A. Sabelfeld and D. Sands. A PER model of secure information flow in sequential programs. Higher-Order and Symbolic Computation, 14(1):59-91, Mar. 2001.
29. V. Simonet. Flow caml in a nutshell. In G. Button, editor, Proceedings of the first APPSEM-II workshop, pages 152-165, Mar. 2003.
30. S. Tse and S. Zdancewic. Run-time principals in information-flow type systems. Technical Report MSCIS-03-39, University of Pennsylvania, 2004.
31. D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167-187, 1996.
32. D.S. Wallach, A. W. Appel, and E. W. Felten. The security architecture formerly known as stack inspection: A security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology, 9(4), Oct. 2000.
33. D. S. Wallach and E. W. Felten. Understanding Java stack inspection. In Proc. IEEE Symposium on Security and Privacy, Oakland, California, USA, May 1998.
34. S. Zdancewic. A type system for robust declassification. In Proceedings of the Nineteenth Conference on the Mathematical Foundations of Programming Semantics. Electronic Notes in Theoretical Computer Science, Mar. 2003.
35. S. Zdancewic and A. C. Myers. Secure information flow and CPS. In Proc. of the 10th European Symposium on Programming, volume 2028 of Lecture Notes in Computer Science, pages 46-61, Apr. 2001.
36. S. Zdancewic and A. C. Myers. Secure information flow via linear continuations. Higher Order and Symbolic Computation, 15(2/3), 2002.