Language-based information-flow security

Top Cited Papers

Abstract

Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow. Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Previously, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this paper, we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of work in the area and identify some important open challenges.

Keywords

This publication has 92 references indexed in Scilit:

Noninterference for concurrent programs and thread systems
Theoretical Computer Science, 2002
A semantic approach to secure information flow
Science of Computer Programming, 2000
Secrecy by typing in security protocols
Journal of the ACM, 1999
Trust in the λ-calculus
Journal of Functional Programming, 1997
Secrecy by typing in security protocols
Lecture Notes in Computer Science, 1997
A general theory of composition for a class of "possibilistic" properties
IEEE Transactions on Software Engineering, 1996
An Axiomatic Approach to Information Flow in Programs
ACM Transactions on Programming Languages and Systems, 1980
Information transmission in computational systems
ACM SIGOPS Operating Systems Review, 1977
HYDRA
Communications of the ACM, 1974
Memoryless subsystems
The Computer Journal, 1974

Cited by 1331 articles