English
Related papers

Related papers: LIO*: Low Level Information Flow Control in F*

200 papers

Reified Input/Output (I/O) logic[21] has been recently proposed to model real-world norms in terms of the logic in [11]. This is massively grounded on the notion of reification, and it has specifically designed to model meaning of natural…

Artificial Intelligence · Computer Science 2021-10-15 Livio Robaldo , Kolawole J. Adebayo

As modern hardware designs grow in complexity and size, ensuring security across the confidentiality, integrity, and availability (CIA) triad becomes increasingly challenging. Information flow tracking (IFT) is a widely-used approach to…

Cryptography and Security · Computer Science 2025-04-10 Nowfel Mashnoor , Mohammad Akyash , Hadi Kamali , Kimia Azar

The logic of information flows (LIF) has recently been proposed as a general framework in the field of knowledge representation. In this framework, tasks of procedural nature can still be modeled in a declarative, logic-based fashion. In…

Logic in Computer Science · Computer Science 2024-08-07 Heba Aamer , Bart Bogaerts , Dimitri Surinx , Eugenia Ternovska , Jan Van den Bussche

This tutorial provides a complete and homogeneous account of the latest advances in fine- and coarse-grained dynamic information-flow control (IFC) security. Since the 70s, the programming language and the operating system communities have…

Programming Languages · Computer Science 2022-08-30 Marco Vassena , Alejandro Russo , Deepak Garg , Vineet Rajani , Deian Stefan

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux…

Cryptography and Security · Computer Science 2022-06-01 Lorenzo Ceragioli , Letterio Galletta , Pierpaolo Degano , David Basin

Mobile and IoT applications have greatly enriched our daily life by providing convenient and intelligent services. However, these smart applications have been a prime target of adversaries for stealing sensitive data. It poses a crucial…

Cryptography and Security · Computer Science 2021-06-10 Ning Xi , Chao Chen , Jun Zhang , Cong Sun , Shigang Liu , Pengbin Feng , Jianfeng Ma

Information Flow Control (IFC) is a collection of techniques for ensuring a no-write-down no-read-up style security policy known as noninterference. Traditional methods for both static and dynamic IFC suffer from untenable numbers of false…

Cryptography and Security · Computer Science 2020-05-27 Maximilian Algehed , Cormac Flanagan

Existing language-based information-flow control (IFC) tools face a fundamental tension: Denning-style systems that track explicit and implicit flows at the variable level typically require compiler modifications, while more coarse-grained…

Programming Languages · Computer Science 2026-04-17 Jeffrey C. Ching , Quan Zhou , Danfeng Zhang

Programmers of cryptographic applications written in C need to avoid common mistakes such as sending private data over public channels, modifying trusted data with untrusted functions, or improperly ordering protocol steps. These secrecy,…

Cryptography and Security · Computer Science 2019-07-04 Darion Cassel , Yan Huang , Limin Jia

We present Lifty, a domain-specific language for data-centric applications that manipulate sensitive data. A Lifty programmer annotates the sources of sensitive data with declarative security policies, and the language statically and…

Programming Languages · Computer Science 2020-07-02 Nadia Polikarpova , Deian Stefan , Jean Yang , Shachar Itzhaky , Travis Hance , Armando Solar-Lezama

We introduce SecRef*, a secure compilation framework protecting stateful programs verified in F* against linked unverified code, with which the program dynamically shares ML-style mutable references. To ease program verification in this…

Information flow control (IFC) provides confidentiality by enforcing noninterference, which ensures that high-secrecy values cannot affect low-secrecy values. Prior work introduces fine-grained IFC approaches that modify the programming…

Programming Languages · Computer Science 2024-03-20 Ada Lamba , Max Taylor , Vincent Beardsley , Jacob Bambeck , Michael D. Bond , Zhiqiang Lin

Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does…

Cryptography and Security · Computer Science 2023-06-22 Cristian Ene , Laurent Mounier , Marie-Laure Potet

Recent advances in large language models (LLMs) and vision-language models (VLMs) have enabled powerful autonomous agents capable of complex reasoning and multi-modal tool use. Despite their growing capabilities, today's agent frameworks…

Artificial Intelligence · Computer Science 2025-06-12 Peiran Li , Xinkai Zou , Zhuohang Wu , Ruifeng Li , Shuo Xing , Hanwen Zheng , Zhikai Hu , Yuping Wang , Haoxi Li , Qin Yuan , Yingmo Zhang , Zhengzhong Tu

Embedded, smart, and IoT devices are increasingly popular in numerous everyday settings. Since lower-end devices have the most strict cost constraints, they tend to have few, if any, security features. This makes them attractive targets for…

Cryptography and Security · Computer Science 2023-09-21 Sashidhar Jakkamsetti , Youngil Kim , Andrew Searles , Gene Tsudik

Programmable Logic Controllers (PLC) and its programming standard IEC 61131-3 are widely used in embedded systems for the industrial automation domain. We propose a framework for the formal treatment of PLC based on the IEC 61131-3…

Software Engineering · Computer Science 2013-01-15 Jan Olaf Blech , Sidi Ould Biha

Large Language Model-based systems (LLM systems) are information and query processing systems that use LLMs to plan operations from natural-language prompts and feed the output of each successive step into the LLM to plan the next. This…

Cryptography and Security · Computer Science 2024-10-11 Fangzhou Wu , Ethan Cecchetti , Chaowei Xiao

We propose an approach on model checking information flow for imperative language with procedures. We characterize our model with pushdown system, which has a stack of unbounded length that naturally models the execution of procedural…

Cryptography and Security · Computer Science 2010-12-15 Cong Sun , Liyong Tang , Zhong Chen

This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an…

Programming Languages · Computer Science 2017-06-22 Peixuan Li , Danfeng Zhang

Information flow security is classically formulated in terms of the absence of illegal information flows, with respect to a security setting consisting of a single flow policy that specifies what information flows should be permitted in the…

Programming Languages · Computer Science 2019-01-09 Ana Almeida Matos , Jan Cederquist