A Functional View of Imperative Information Flow

We analyze dynamic information-flow control for imperative languages in terms of functional computation. Specifically, we translate an imperative language to a functional language, thus accounting for the main difficulties of information-flow control in the imperative language.

[1]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[2]  Martín Abadi,et al.  A core calculus of dependency , 1999, POPL '99.

[3]  Sorin Lerner,et al.  Staged information flow for javascript , 2009, PLDI '09.

[4]  Analysis and caching of dependencies , 1996, ICFP '96.

[5]  Thomas H. Austin,et al.  Efficient purely-dynamic information flow analysis , 2009, PLAS '09.

[6]  Martín Abadi,et al.  A Functional View of Imperative Information Flow Extended Version , 2012 .

[7]  Scott F. Smith,et al.  Dynamic Dependency Monitoring to Secure Information Flow , 2007, 20th IEEE Computer Security Foundations Symposium (CSF'07).

[8]  Andrei Sabelfeld,et al.  Information-Flow Security for a Core of JavaScript , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[9]  Vinod Ganapathy,et al.  Analyzing Information Flow in JavaScript-Based Browser Extensions , 2009, 2009 Annual Computer Security Applications Conference.

[10]  Andrew C. Myers,et al.  Programming Languages for Information Security , 2002 .

[11]  Steve Vandebogart,et al.  Make Least Privilege a Right (Not a Privilege) , 2005, HotOS.

[12]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[13]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..

[14]  David A. Schmidt,et al.  Automata-Based Confidentiality Monitoring , 2006, ASIAN.

[15]  Peter J. Denning,et al.  Certification of programs for secure information flow , 1977, CACM.

[16]  Christopher Krügel,et al.  Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.

[17]  François Pottier,et al.  Information flow inference for ML , 2003, TOPL.

[18]  Jon G. Riecke,et al.  The SLam calculus: programming with secrecy and integrity , 1998, POPL '98.

[19]  Andrew C. Myers,et al.  JFlow: practical mostly-static information flow control , 1999, POPL '99.

[20]  Jeffrey S. Fenton Memoryless Subsystems , 1974, Comput. J..

[21]  Deian Stefan,et al.  Flexible dynamic information flow control in Haskell , 2012, Haskell '11.

[22]  Eddie Kohler,et al.  Making information flow explicit in HiStar , 2006, OSDI '06.