Statically checking confidentiality via dynamic labels

Proceedings of the 2005 Workshop on Issues in the Theory of Security, WITS '05

Volumn , Issue , 2005, Pages 50-57

  Jacobs, Bart ^a   Pieters, Wolter ^a   Warnier, Martijn ^a  

^a RADBOUD UNIVERSITY NIJMEGEN   (Netherlands)

Author keywords

(Higher Order) theorem proving; abstract interpretation; confidentiality; formal verification; static analysis

Indexed keywords

(HIGHER ORDER) THEOREM PROVING; ABSTRACT INTERPRETATIONS; FORMAL VERIFICATION; FORMAL VERIFICATIONS; HIGHER ORDER;

ABSTRACTING; PROBLEM SOLVING; PROGRAM INTERPRETERS; STATIC ANALYSIS;

THEOREM PROVING;

EID: 70349118502     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1045405.1045411     Document Type: Conference Paper

References (27)

1. Ádám Darvas, Reiner Hähnle, and Dave Sands. A theorem proving approach to analysis of secure information flow. In Roberto Gorrieri, editor, Workshop on Issues in the Theory of Security, WITS. IFIP WG 1.7, ACM SIGPLAN and GI FoMSESS, 2003.
2. Wolfgang Ahrendt, Thomas Baar, Bernhard Beckert, Richard Bubel, Martin Giese, Reiner Hähnle, Wolfram Menzel, Wojciech Mostowski, Andreas Roth, Steffen Schlager, and Peter H. Schmitt. The KeY tool. Software and System Modeling, 2003. To appear.
3. Marco Avvenuti, Cinzia Bernardeschi, and Nicoletta De Francesco. Java bytecode verification for secure information flow. ACM SIGPLAN Notices, 38(12):20-27, 2003.
4. Anindya Banerjee and David A. Naumann. Stack-Based Access Control for Secure Information Flow. Journal of Functional Programming, 200x. Special Issue on Language-Based Security, To appear.
5. Giles Barthe, Amitabh Basu, and Tamara Rezk. Security Types Preserving Compilation. In VMCAI'04 Proceedings, LNCS. Springer, Berlin, 2004.
6. K. J. Biba. Integrity considerations for secure computer systems. Technical Report MTR-3153, MITRE Corp., 1977.
7. Zhiqun Chen. Java Card technology for smart cards: architecture and programmer's guide. Addison-Wesley, June 2000.
8. David R. Cok and Joseph R. Kiniry. ESC/Java2: Uniting ESC/Java and JML. Technical Report NIII-R0413, Nijmegen Institute for Computer and Information Sciences, 2004. available at http://www.cs.ru.nl/research/reports/info/NIII- R0413.html.
9. David R. Cok and Joseph R. Kiniry. ESC/Java2: Uniting ESC/Java and JML. In Proceedings of CASSIS: Construction and Analysis of Safe, Secure and Interoperable Smart devices, LNCS. Springer-Verlag, to appear. See the associated technical rapport [8].
10. P. Cousot. Abstract interpretation. Symposium on Models of Programming Languages and Computation, ACM Computing Surveys, 28(2):324-328, June 1996.
11. P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Conference Record of the Fourth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 238-252, Los Angeles, California, 1977. ACM Press, New York, NY.
12. Dorothy E. Denning. A Lattice Model of Secure Information Flow. Communications of the ACM, 19(5), May 1976.
13. Dorothy E. Denning. Cryptography and Data Security. Addison-Wesley, 1982.
14. Dorothy E. Denning and Peter J. Denning. Certification of programs for secure information flow. Communications of the ACM, 20(7):504-513, July 1977.
15. Roberto Giacobazzi and Isabella Mastroeni. Abstract Non-Interference: Parameterizing Non-Interference by Abstract Interpretation. In POPL04 proceedings, 2004.
16. J. Goguen and J. Meseguer. Security policies and security models. In IEEE Symp. on Security and Privacy, pages 11-20. IEEE Comp. Soc. Press, 1982.
17. R. Joshi and K.R.M Leino. A semantic approach to secure information flow. Science of Comput. Progr., 37(1-3):113-138, 2000.
18. Butler W. Lampson. A note on the Confinement Problem. Communications of the ACM, 16(10):613-615, 1973.
19. Hanne Riis Nielson and Flemming Nielson. Semantics with Applications. Wiley Professional Computing, 1992.
20. S. Owre, J.M. Rushby, N. Shankar, and F. von Henke. Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS. IEEE Trans. on Softw. Eng., 21(2):107-125, 1995.
21. L.C. Paulson. Isabelle: A Generic Theorem Prover. Number 828 in LNCS. Springer, Berlin, 1994.
22. Franois Pottier and Vincent Simonet. Information flow inference for ML. ACM Transactions on Programming Languages and Systems, 25(1):117-158, January 2003.
23. The PVS website, http://pvs.csl.sri.com/.
24. Andrei Sabelfeld and Andrew C. Myers. Language-Based Information-Flow Security. IEEE Journal on selected areas in communications, 21(1), 2003.
25. Martin Strecker. Formal analysis of an information flow type system for MicroJava (extended version). Technical report, Technische Universität München, July 2003.
26. Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. Journal of computer security, 4(3):167-187, 1996.
27. M. Zanotti. Security Typings by Abstract Interpretation. In SAS, volume 2477 of LNCS, pages 360-375. Springer-Verlag, September 2002.