Dynamic vs. static flow-sensitive security analysis
A Russo, A Sabelfeld - 2010 23rd IEEE Computer Security …, 2010 - ieeexplore.ieee.org
This paper seeks to answer fundamental questions about trade-offs between static and
dynamic security analysis. It has been previously shown that flow-sensitive static information …
dynamic security analysis. It has been previously shown that flow-sensitive static information …
[PDF][PDF] Challenges for information-flow security
S Zdancewic - Proceedings of the 1st International Workshop on …, 2004 - researchgate.net
Protecting confidential data in computing environments has long been recognized as a
difficult and daunting problem. All modern operating systems include some form of access …
difficult and daunting problem. All modern operating systems include some form of access …
Information flow monitor inlining
A Chudnov, DA Naumann - 2010 23rd IEEE Computer Security …, 2010 - ieeexplore.ieee.org
In recent years it has been shown that dynamic monitoring can be used to soundly enforce
information flow policies. For programs distributed in source or bytecode form, the use of just …
information flow policies. For programs distributed in source or bytecode form, the use of just …
A perspective on information-flow control
D Hedin, A Sabelfeld - Software safety and security, 2012 - ebooks.iospress.nl
Abstract Information-flow control tracks how information propagates through the program
during execution to make sure that the program handles the information securely. Secure …
during execution to make sure that the program handles the information securely. Secure …
From dynamic to static and back: Riding the roller coaster of information-flow control research
A Sabelfeld, A Russo - … of Systems Informatics: 7th International Andrei …, 2010 - Springer
Historically, dynamic techniques are the pioneers of the area of information flow in the 70's.
In their seminal work, Denning and Denning suggest a static alternative for information-flow …
In their seminal work, Denning and Denning suggest a static alternative for information-flow …
Implicit flows: Can't live with 'em, can't live without 'em
Verifying that programs trusted to enforce security actually do so is a practical concern for
programmers and administrators. However, there is a disconnect between the kinds of tools …
programmers and administrators. However, there is a disconnect between the kinds of tools …
Dynamic dependency monitoring to secure information flow
P Shroff, S Smith, M Thober - 20th IEEE Computer Security …, 2007 - ieeexplore.ieee.org
Although static systems for information flow security are well-studied, few works address run-
time information flow monitoring. Run-time information flow control offers distinct advantages …
time information flow monitoring. Run-time information flow control offers distinct advantages …
Static analysis for efficient hybrid information-flow control
Hybrid information-flow monitors use a combination of static analysis and dynamic
mechanisms to provide precise strong information security guarantees. However, unlike …
mechanisms to provide precise strong information security guarantees. However, unlike …
Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs
C Hammer, G Snelting - International Journal of Information Security, 2009 - Springer
Abstract Information flow control (IFC) checks whether a program can leak secret data to
public ports, or whether critical computations can be influenced from outside. But many IFC …
public ports, or whether critical computations can be influenced from outside. But many IFC …
Language-based information-flow security
A Sabelfeld, AC Myers - IEEE Journal on selected areas in …, 2003 - ieeexplore.ieee.org
Current standard security practices do not provide substantial assurance that the end-to-end
behavior of a computing system satisfies important security policies such as confidentiality …
behavior of a computing system satisfies important security policies such as confidentiality …