Calculational design of information flow monitors

Mounir Assaf, David A. Naumann

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

9 Scopus citations

Abstract

Fine grained information flow monitoring can in principle address a wide range of security and privacy goals, for example in web applications. But it is very difficult to achieve sound monitoring with acceptable runtime cost and sufficient precision to avoid impractical restrictions on programs and policies. We present a systematic technique for design of monitors that are correct by construction. It encompasses policies with downgrading. The technique is based on abstract interpretation which is a standard basis for static analysis of programs. This should enable integration of a wide range of analysis techniques, enabling more sophisticated engineering of monitors to address the challenges of precision and scaling to widely used programming languages.

Original language: English
Title of host publication: Proceedings - IEEE 29th Computer Security Foundations Symposium, CSF 2016
Pages: 210-224
Number of pages: 15
ISBN (Electronic): 9781509026074
State: Published - 8 Aug 2016
Event: 29th IEEE Computer Security Foundations Symposium, CSF 2016 - Lisbon, Portugal
Duration: 27 Jun 2016 to 1 Jul 2016

Publication series

Name: Proceedings - IEEE Computer Security Foundations Symposium
Volume: 2016-August
ISSN (Print): 1940-1434

Conference

Conference: 29th IEEE Computer Security Foundations Symposium, CSF 2016
Country/Territory: Portugal
City: Lisbon
Period: 27/06/16 to 1/07/16
