Results 1 - 10
of
81,597
Flow-sensitive semantics for dynamic information flow policies
- In Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
, 2009
"... Flow-Sensitive semantics for dynamic information flow policies ..."
Abstract
-
Cited by 11 (1 self)
- Add to MetaCart
Flow-Sensitive semantics for dynamic information flow policies
Enforcing an Information Flow Policy
"... Abstract. This paper gives an introduction to the field of enforcing security policies in a program, by describing an information flow policy called the lattice model and presenting some of the published work on how to enforce security policies. Presented in this paper are run-time enforcement with ..."
Abstract
- Add to MetaCart
Abstract. This paper gives an introduction to the field of enforcing security policies in a program, by describing an information flow policy called the lattice model and presenting some of the published work on how to enforce security policies. Presented in this paper are run-time enforcement
Mediating Secure Information Flow Policies
"... Abstract. In this paper we study secure information flow policies in the sense of Meadows [12] and others for aggregated datasets, collectively. We first present a method for combining different sensitivity levels over a common dataset and investigate its ramifications on information flow policies. ..."
Abstract
- Add to MetaCart
Abstract. In this paper we study secure information flow policies in the sense of Meadows [12] and others for aggregated datasets, collectively. We first present a method for combining different sensitivity levels over a common dataset and investigate its ramifications on information flow policies
Dynamic updating of information-flow policies
"... Dynamic updating of information-flow policies Applications that manipulate sensitive information should ensure end-to-end security by satisfying two properties: sound execution and some form of noninterference. By the former, we mean the program should always perform actions in keeping with its curr ..."
Abstract
- Add to MetaCart
Dynamic updating of information-flow policies Applications that manipulate sensitive information should ensure end-to-end security by satisfying two properties: sound execution and some form of noninterference. By the former, we mean the program should always perform actions in keeping with its
Information Flow Policies vs Malware
, 2013
"... Application markets offer more than 700’000 applications: music, movies, games or small tools. It appears more and more difficult to propose an automatic and systematic method to analyse all of these applications. Google Bouncer [1] tries to keep malicious applications out of Google Play by analysin ..."
Abstract
- Add to MetaCart
actions of applications. Our proposal consists in a new scheme of submitting applications to market place and installing applications on the device. More precisely, applications are uploaded with a companion information flow policy. A companion policy exactly describes where data used by the application
Dynamic Updating of Information-Flow Policies
- IN PROC. OF FOUNDATIONS OF COMPUTER SECURITY WORKSHOP
, 2005
"... Applications that manipulate sensitive information should ensure end-to-end security by satisfying two properties: sound execution and some form of noninterference. By the former, we mean the program should always perform actions in keeping with its current policy, and by the latter we mean that t ..."
Abstract
-
Cited by 28 (6 self)
- Add to MetaCart
, however, permits general changes to security policies in use by running programs. This paper presents a simple information flow type system for that allows for dynamic security policy updates while ensuring sound execution and a relaxed form of noninterference we term noninterference between updates
Information Flow Policies vs Malware
, 2013
"... HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte p ..."
Abstract
- Add to MetaCart
HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et a ̀ la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.
Title: Unifying Information Flow Policies
, 1990
"... Reports quoted are not necessarily available to members of the public or to commercial organisations. ROYAL SIGNALS AND RADAR ESTABLISHMENT REPORT 90020 ..."
Abstract
- Add to MetaCart
Reports quoted are not necessarily available to members of the public or to commercial organisations. ROYAL SIGNALS AND RADAR ESTABLISHMENT REPORT 90020
Modular Enforcement of Information Flow Policies in Data Structures
"... Abstract—Standard implementations of common data structures such as hash tables can leak information, e.g. the operation history, to attackers with later access to a machine’s memory. This leakage is particularly damaging whenever the history of operations performed on a data structure must remain s ..."
Abstract
- Add to MetaCart
secret, such as in voting machines. We show how unique representation—the requirement that a data structure have canonical machine representations—can be used to perform modular verification of information flow policies in programs that compose data structures with their clients. We present a
Enforcing Stateful Authorization and Information Flow Policies in FINE
"... Abstract. Proving software free of security bugs is hard. Languages that ensure that programs correctly enforce their security policies would help, but, to date, no security-typed language has the ability to verify the enforcement of the kinds of policies used in practice—dynamic, stateful policies ..."
Abstract
-
Cited by 36 (9 self)
- Add to MetaCart
which address a range of concerns including forms of access control and information flow tracking. This paper presents FINE, a new source-level security-typed language that, through the use of a simple module system and dependent, refinement, and affine types, checks the enforcement of dynamic security
Results 1 - 10
of
81,597