English
Related papers

Related papers: Towards a Flow- and Path-Sensitive Information Flo…

200 papers
Very Static Enforcement of Dynamic Policies

Security policies are naturally dynamic. Reflecting this, there has been a growing interest in studying information-flow properties which change during program execution, including concepts such as declassification, revocation, and…

Cryptography and Security · Computer Science 2015-01-13 Bart van Delft , Sebastian Hunt , David Sands
Dynamic Intransitive Noninterference Revisited

The paper studies dynamic information flow security policies in an automaton-based model. Two semantic interpretations of such policies are developed, both of which generalize the notion of TA-security [van der Meyden ESORICS 2007] for…

Cryptography and Security · Computer Science 2016-01-21 Sebastian Eggert , Ron van der Meyden
Output-sensitive Information flow analysis

Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does…

Cryptography and Security · Computer Science 2023-06-22 Cristian Ene , Laurent Mounier , Marie-Laure Potet
First-order Gradual Information Flow Types with Gradual Guarantees

Information flow type systems enforce the security property of noninterference by detecting unauthorized data flows at compile-time. However, they require precise type annotations, making them difficult to use in practice as much of the…

Programming Languages · Computer Science 2021-02-10 Abhishek Bichhawat , McKenna McCall , Limin Jia
On Dynamic Flow-Sensitive Floating-Label Systems

Flow-sensitive analysis for information-flow control (IFC) allows data structures to have mutable security labels, i.e., labels that can change over the course of the computation. This feature is often used to boost the permissiveness of…

Cryptography and Security · Computer Science 2015-07-23 Pablo Buiras , Deian Stefan , Alejandro Russo
Beware of the Unexpected: Bimodal Taint Analysis

Static analysis is a powerful tool for detecting security vulnerabilities and other programming problems. Global taint tracking, in particular, can spot vulnerabilities arising from complicated data flow across multiple functions. However,…

Software Engineering · Computer Science 2023-01-26 Yiu Wai Chow , Max Schäfer , Michael Pradel
Information Flow Analysis for a Dynamically Typed Functional Language with Staged Metaprogramming

Web applications written in JavaScript are regularly used for dealing with sensitive or personal data. Consequently, reasoning about their security properties has become an important problem, which is made very difficult by the highly…

Programming Languages · Computer Science 2013-02-14 Martin Lester , Luke Ong , Max Schaefer
Information flow within stochastic dynamical systems

Information flow or information transfer is an important concept in dynamical systems which has applications in a wide variety of scientific disciplines. In this study, we show that a rigorous formalism can be established in the context of…

Chaotic Dynamics · Physics 2007-10-05 X. San Liang
Static Information Flow Control Made Simpler

Static information flow control (IFC) systems provide the ability to restrict data flows within a program, enabling vulnerable functionality or confidential data to be statically isolated from unsecured data or program logic. Despite the…

Programming Languages · Computer Science 2022-10-25 Hemant Gouni , Jonathan Aldrich
A Verified Information-Flow Architecture

SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and…

Programming Languages · Computer Science 2016-03-08 Arthur Azevedo de Amorim , Nathan Collins , André DeHon , Delphine Demange , Catalin Hritcu , David Pichardie , Benjamin C. Pierce , Randy Pollack , Andrew Tolmach
Dependency-Based Information Flow Analysis with Declassification in a Program Logic

We present a deductive approach for the analysis of secure information flows with support for fine-grained policies that include declassifications in the form of delimited information release. By explicitly tracking the dependencies of…

Logic in Computer Science · Computer Science 2015-09-15 Bart van Delft , Richard Bubel
A Methodology for Information Flow Experiments

Information flow analysis has largely ignored the setting where the analyst has neither control over nor a complete model of the analyzed system. We formalize such limited information flow analyses and study an instance of it: detecting the…

Cryptography and Security · Computer Science 2014-05-13 Michael Carl Tschantz , Amit Datta , Anupam Datta , Jeannette M. Wing
Pifthon: A Compile-Time Information Flow Analyzer For An Imperative Language

Compile-time information flow analysis has been a promising technique for protecting confidentiality and integrity of private data. In the last couple of decades, a large number of information flow security tools in the form of run-time…

Programming Languages · Computer Science 2021-03-11 Sandip Ghosal , R. K. Shyamasundar
Tool-Supported Architecture-Based Data Flow Analysis for Confidentiality

Through the increasing interconnection between various systems, the need for confidential systems is increasing. Confidential systems share data only with authorized entities. However, estimating the confidentiality of a system is complex,…

Software Engineering · Computer Science 2023-08-04 Felix Schwickerath , Nicolas Boltz , Sebastian Hahner , Maximilian Walter , Christopher Gerking , Robert Heinrich
Hybrid Information Flow Analysis for Programs with Arrays

Information flow analysis checks whether certain pieces of (confidential) data may affect the results of computations in unwanted ways and thus leak information. Dynamic information flow analysis adds instrumentation code to the target…

Programming Languages · Computer Science 2016-07-11 Gergö Barany
Information flow in a distributed security setting

Information flow security is classically formulated in terms of the absence of illegal information flows, with respect to a security setting consisting of a single flow policy that specifies what information flows should be permitted in the…

Programming Languages · Computer Science 2019-01-09 Ana Almeida Matos , Jan Cederquist
A Relational Static Semantics for Call Graph Construction

The problem of resolving virtual method and interface calls in object-oriented languages has been a long standing challenge to the program analysis community. The complexities are due to various reasons, such as increased levels of class…

Programming Languages · Computer Science 2019-07-16 Xilong Zhuo , Chenyi Zhang
Calculational Design of Information Flow Monitors (extended version)

Fine grained information flow monitoring can in principle address a wide range of security and privacy goals, for example in web applications. But it is very difficult to achieve sound monitoring with acceptable runtime cost and sufficient…

Cryptography and Security · Computer Science 2016-05-11 Mounir Assaf , David A. Naumann
Continuous Flow Analysis to Detect Security Problems

We introduce a tool that supports continuous flow analysis in order to detect security problems as the user edits. The tool uses abstract interpretation over both byte codes and abstract syntax trees to trace the flow of both type…

Software Engineering · Computer Science 2019-10-01 Steven P. Reiss
Flow-Sensitive Composition of Thread-Modular Abstract Interpretation

We propose a constraint-based flow-sensitive static analysis for concurrent programs by iteratively composing thread-modular abstract interpreters via the use of a system of lightweight constraints. Our method is compositional in that it…

Programming Languages · Computer Science 2017-10-02 Markus Kusano , Chao Wang
‹ Prev 1 2 3 10 Next ›