134 research outputs found
Transformational typing and unification for automatically correcting insecure programs
Before starting a rigorous security analysis of a given software system, the most likely outcome is often already clear, namely that the system is not entirely secure. Modifying a program such that it passes the analysis is a difficult problem and usually left entirely to the programmer. In this article, we show that and how unification can be used to compute such program transformations. This opens a new perspective on the problem of correcting insecure programs. We also demonstrate that integrating our approach into an existing transforming type system can improve the precision of the analysis and the quality of the resulting program.
Ouachita College Catalogue 1927-1928
Ouachita Office of Communications staff earn IABC Awards of Excellence
Ouachita Baptist University’s Office of Communications staff was honored with three Bronze Quill Awards of Excellence during the recent Bronze Quill Awards Ceremony hosted by the Arkansas chapter of the International Association of Business Communications.
03411 Abstracts Collection -- Language Based Security
From October 5th to 10th 2003, the Dagstuhl Seminar 03411 "Language Based Security" was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar are put together in this paper.
07091 Abstracts Collection -- Mobility, Ubiquity and Security
From 25.02.2007 to 02.03.2007, the Dagstuhl Seminar 07091 "Mobility, Ubiquity and Security" was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.
Hybrid Monitors for Concurrent Noninterference
Controlling confidential information in concurrent systems is difficult, due to covert channels resulting from interaction between threads. This problem is exacerbated if threads share resources at fine granularity. In this work, we propose a novel monitoring framework to enforce strong information security in concurrent programs. Our monitors are hybrid, combining dynamic and static program analysis to enforce security in a sound and rather precise fashion. In our framework, each thread is guarded by its own local monitor, and there is a single global monitor. We instantiate our monitoring framework to support rely-guarantee style reasoning about the use of shared resources, at the granularity of individual memory locations, and then specialize local monitors further to enforce flow-sensitive progress-sensitive information-flow control. Our local monitors exploit rely-guarantee-style reasoning about shared memory to achieve high precision. Soundness of rely-guarantee-style reasoning is guaranteed by all monitors cooperatively. The global monitor is invoked only when threads synchronize, and so does not needlessly restrict concurrency. We prove that our hybrid monitoring approach enforces a knowledge-based progress-sensitive noninterference security condition.
Global and Local Monitors to Enforce Noninterference in Concurrent Programs
Controlling confidential information in concurrent systems is difficult, due to covert channels resulting from interaction between threads. This problem is exacerbated if threads share resources at fine granularity. In this work, we propose a novel monitoring framework to enforce strong information security in concurrent programs. Our monitors are hybrid, combining dynamic and static program analysis to enforce security in a sound and rather precise fashion. In our framework, each thread is guarded by its own local monitor, and there is a single global monitor. We instantiate our monitoring framework to support rely-guarantee style reasoning about the use of shared resources, at the granularity of individual memory locations, and then specialize local monitors further to enforce flow-sensitive progress-sensitive information-flow control. Our local monitors exploit rely-guarantee-style reasoning about shared memory to achieve high precision. Soundness of rely-guarantee-style reasoning is guaranteed by all monitors cooperatively. The global monitor is invoked only when threads synchronize, and so does not needlessly restrict concurrency. We prove that our hybrid monitoring approach enforces a knowledge-based progress-sensitive noninterference security condition.
RIFL 1.1: A Common Specification Language for Information-Flow Requirements
The RS³ Information-Flow Specification Language (RIFL) is a policy language for information-flow security. RIFL originated from the need for a common language for specifying security requirements within the DFG priority program Reliably Secure Software Systems (RS³) (http://www.spp-rs3.de). In this report, we present the syntax and informal semantics of RIFL 1.1, the most recent version of RIFL. At this point in time, RIFL is supported by four tools for information-flow analysis. We believe that RIFL can also be useful as a policy language for further tools, and we encourage its adoption and extension by the community.
On the composition of secure systems
- …