English
Related papers

Related papers: A Permission-Dependent Type System for Secure Info…

200 papers

Smartphones hold important private information, yet users routinely expose this information to questionable applications written by developers they know nothing about. Users may be tempted to think of smartphones as old-style dumb phones,…

Cryptography and Security · Computer Science 2019-06-28 Amer Chamseddine , George Candea

Cloud service providers are often trusted to be genuine, the damage caused by being discovered to be attacking their own customers outweighs any benefits such attacks could reap. On the other hand, it is expected that some cloud service…

Cryptography and Security · Computer Science 2017-06-07 Ivan Gazeau , Tom Chothia , Dominic Duggan

Modern programmable network switches can implement custom applications using efficient packet processing hardware, and the programming language P4 provides high-level constructs to program such switches. The increase in speed and…

Programming Languages · Computer Science 2022-06-15 Karuna Grewal , Loris D'Antoni , Justin Hsu

Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. Prior research has shown that this method is ineffective because it fails to account for context: the circumstances under…

Cryptography and Security · Computer Science 2017-03-08 Primal Wijesekera , Arjun Baokar , Lynn Tsai , Joel Reardon , Serge Egelman , David Wagner , Konstantin Beznosov

Language-based information flow security aims to decide whether an action-observable program can unintentionally leak confidential information if it has the authority to access confidential data. Recent concerns about declassification…

Cryptography and Security · Computer Science 2016-11-18 Cong Sun , Liyong Tang , Zhong Chen

We present a type system and inference algorithm for a rich subset of JavaScript equipped with objects, structural subtyping, prototype inheritance, and first-class methods. The type system supports abstract and recursive objects, and is…

Programming Languages · Computer Science 2016-10-19 Satish Chandra , Colin S. Gordon , Jean-Baptiste Jeannin , Cole Schlesinger , Manu Sridharan , Frank Tip , Youngil Choi

In workflows and business processes, there are often security requirements on both the data, i.e. confidentiality and integrity, and the process, e.g. separation of duty. Graphical notations exist for specifying both workflows and…

Cryptography and Security · Computer Science 2014-04-09 Thomas Bauereiss , Dieter Hutter

The security of Android has been recently challenged by the discovery of a number of vulnerabilities involving different layers of the Android stack. We argue that such vulnerabilities are largely related to the interplay among layers…

Cryptography and Security · Computer Science 2012-09-05 Alessandro Armando , Alessio Merlo , Luca Verderame

Practitioners of secure information flow often face a design challenge: what is the right semantic treatment of leaks via termination? On the one hand, the potential harm of untrusted code calls for strong progress-sensitive security. On…

Programming Languages · Computer Science 2020-05-12 Johan Bay , Aslan Askarov

Refinement types enable lightweight verification of functional programs. Algorithms for statically inferring refinement types typically work by reduction to solving systems of constrained Horn clauses extracted from typing derivations. An…

Programming Languages · Computer Science 2020-11-11 Zvonimir Pavlinovic , Yusen Su , Thomas Wies

Android utilizes a security mechanism that requires apps to request permission for accessing sensitive user data, e.g., contacts and SMSs, or certain system features, e.g., camera and Internet access. However, Android apps tend to be…

Software Engineering · Computer Science 2020-01-24 Jianmao Xiao , Shizhan Chen , Qiang He , Zhiyong Feng , Xiao Xue

Security-critical system requirements are increasingly enforced through mandatory access control systems. These systems are controlled by security policies, highly sensitive system components, which emphasizes the paramount importance of…

Cryptography and Security · Computer Science 2017-06-13 Peter Amthor

Software-Defined Networking (SDN) has transformed network architectures by decoupling the control and data-planes, enabling fine-grained control over packet processing and forwarding. P4, a language designed for programming data-plane…

Cryptography and Security · Computer Science 2025-05-15 Anoud Alshnakat , Amir M. Ahmadian , Musard Balliu , Roberto Guanciale , Mads Dam

We propose a type-based resource usage analysis for the π-calculus extended with resource creation/access primitives. The goal of the resource usage analysis is to statically check that a program accesses resources such as files and…

Programming Languages · Computer Science 2017-01-11 Naoki Kobayashi , Kohei Suenaga , Lucian Wischik

A type system is introduced for a generic Object Oriented programming language in order to infer resource upper bounds. A sound andcomplete characterization of the set of polynomial time computable functions is obtained. As a consequence,…

Programming Languages · Computer Science 2018-02-20 Emmanuel Hainry , Romain Péchoux

This work provides a study to demonstrate the potential of using off-the-shelf programming languages and their theories to build sound language-based-security tools. Our study focuses on information flow security encompassing…

Cryptography and Security · Computer Science 2020-07-20 Minh Ngo , David A. Naumann , Tamara Rezk

Android and Facebook provide third-party applications with access to users' private data and the ability to perform potentially sensitive operations (e.g., post to a user's wall or place phone calls). As a security measure, these platforms…

Cryptography and Security · Computer Science 2012-10-10 Mario Frank , Ben Dong , Adrienne Porter Felt , Dawn Song

We introduce the Android Security Framework (ASF), a generic, extensible security framework for Android that enables the development and integration of a wide spectrum of security models in form of code-based security modules. The design of…

Cryptography and Security · Computer Science 2014-04-08 Michael Backes , Sven Bugiel , Sebastian Gerling , Philipp von Styp-Rekowsky

Android apps require permissions when accessing resources related to privacy or system integrity. Starting from Android 6, these permissions have to be asked at runtime. However, migrating to the new permission model poses multiple…

Software Engineering · Computer Science 2017-06-19 Denis Bogdanas

Android filesystem access control provides a foundation for Android system integrity. Android utilizes a combination of mandatory (e.g., SEAndroid) and discretionary (e.g., UNIX permissions) access control, both to protect the Android…

Cryptography and Security · Computer Science 2020-08-11 Yu-Tsung Lee , William Enck , Haining Chen , Hayawardh Vijayakumar , Ninghui Li , Daimeng Wang , Zhiyun Qian , Giuseppe Petracca , Trent Jaeger