Implicit flows: Can't live with 'Em, can't live without 'Em

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5352 LNCS, Issue , 2008, Pages 56-70

  King, Dave ^a   Hicks, Boniface ^b   Hicks, Michael ^c   Jaeger, Trent ^a  

^a PENNSYLVANIA STATE UNIVERSITY   (United States)

^b SAINT VINCENT COLLEGE   (United States)

^c UNIVERSITY OF MARYLAND   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ALARM RATES; ANALYSIS TOOLS; SECURITY ANALYSIS; SECURITY PROPERTIES; SECURITY VIOLATIONS; SOFTWARE SYSTEMS;

COMPUTER SOFTWARE; CONCURRENCY CONTROL; CORUNDUM; CRYPTOGRAPHY; ERRORS; INFORMATION SYSTEMS;

ALARM SYSTEMS;

EID: 58449135488     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-89862-7_4     Document Type: Conference Paper

References (25)

1. Black, J., Urtubia, H.: Side-channel attacks on symmetric encryption schemes: The case for authenticated encryption. In: Proceedings of the 11th USENIX Security Symposium (2002)
2. Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1-12. Springer, Heidelberg (1998)
3. Broadwell, P., Harren, M., Sastry, N.: Scrash: a system for generating secure crash information. In: Proceedings of the 12th conference on USENIX Security Symposium (2003)
4. Chalin, P., Kiniry, J.R., Leavens, G.T., Poll, E.: Beyond Assertions: Advanced Specification and Verification with JML and ESC/Java2., pp. 342-363, Springer, Heidelberg (2006)
5. Chen, H., Wagner, D., Dean, D.: Setuid demystified, In: Proceedings of the 11th USEN1X Security Symposium, pp. 171-190. USEN1X Association, Berkeley (2002)
6. Chen, K., Wagner, D.: Large-scale analysis of format string vulnerabilities in Debian Linux. In: Proceedings of the 2007 workshop on Programming languages and analysis for security (2007)
7. Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: Toward a secure voting system. In: IEEE Symposium on Security and Privacy, pp. 354-368 (2008)
8. Flanagan, C, Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI, vol. 37, pp. 234-245 (June 2002)
9. Fortify Software. Fortify, http://www.fortify.com/
10. Foster, J.S., Fähndrich, M., Aiken, A.: A theory of type qualifiers. In: PLDI, pp. 192-203 (1999)
11. Goguen, J.A., Meseguer, J.: Security policies and security models, In: IEEE Symposium on Security and Privacy, pp. 11-20 (1982)
12. Hicks, B., Ahmadizadeh, K., McDaniel, P.: From Languages to Systems: Understanding Practical Application Development in Security-typed Languages, In: Jesshope, C, Egan, C. (eds.) ACSAC 2006. LNCS, vol. 4186. Springer, Heidelberg (2006)
13. Johnson, R., Wagner, D.: Finding user/kernel pointer bugs with type inference. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium, p. 9. USEN1X Association, Berkeley (2004)
14. King, D., Jaeger, T., Jha, S., Seshia, S.A.: Effective blame for information-flow violations. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086. Springer, Heidelberg (2008)
15. Landi, W.: Undecidability of static analysis. ACM Letters on Programming Languages and Systems 1(4), 323-337 (1992)
16. Martin, M., Livshits, B., Lam, M.S.: Finding application errors and security flaws using PQL: a program query language. In: OOPLSA, pp. 365-383. ACM, New York (2005)
17. McCamant, S., Ernst, M.D.: Quantitative information flow as network flow capacity, In: PLDI, pp. 193-205 (2008)
18. Myers, A.C.: JFlow: Practical mostly-static information flow control, In: POPL, pp. 228-241 (January 1999)
19. Pottier, F., Simonet, V.: Information flow inference for ML. In: POPL, pp. 319-330. ACM, New York (2002)
20. Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1) (2003)
21. Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proceedings of the 10th conference on USENIX Security Symposium (2001)
22. Sharir, M., Pnueli, A.: Two approaches to interprocedural dataflow analysis. In: Program Flow Analysis: Theory and Applications, pp. 189-234. Prentice-Hall, Englewood Cliffs (1981)
23. Vaudenay, S.: Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EURO CRYPT 2002. LNCS, vol. 2332, pp. 534-546. Springer, Heidelberg (2002)
24. Xie, Y., Aiken, A.: Saturn: A scalable framework for error detection using boolean satisfiability. ACM Transactions on Programming Languages and Systems 29(3) (2007)
25. Zhang, X., Edwards, A., Jaeger, T.: Using CQUAL for static analysis of authorization hook placement. In: Proceedings of the 11th USEN1X Security Symposium, pp. 33-48. USEN1X Association, Berkeley (2002)