Deriving an information flow checker and certifying compiler for java

Gilles Barthe; David Naumann; Tamara Rezk

doi:10.1109/SP.2006.13

Deriving an information flow checker and certifying compiler for java

Gilles Barthe, David Naumann, Tamara Rezk

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

37 Scopus citations

Abstract

Language-based security provides a means to enforce end-to-end confidentiality and integrity policies in mobile code scenarios, and is increasingly being contemplated by the smart-card and mobile phone industry as a solution to enforce information flow and resource control policies. Two threads of work have emerged in research on language-based security: work that focuses on enforcing security policies for source code, which is tailored towards developers that want to increase confidence in their applications, and work that focuses on efficiently verifying similar policies for byte-code, which is tailored to code consumers that want to protect themselves against hostile applications. These lines of work serve different purposes - and thus have been developed independently - but connecting them is a key step towards the deployment of language-based security in practical applications. This paper introduces a systematic technique to connect source code and bytecode security type systems. The technique is applied to an information flow type system for a fragment of Java with exceptions, thus confronting challenges in both control and data flow tracking.

Original language	English
Title of host publication	Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006
Pages	230-242
Number of pages	13
DOIs	https://doi.org/10.1109/SP.2006.13
State	Published - 2006
Event	2006 IEEE Symposium on Security and Privacy, S and P 2006 - Berkeley, United States Duration: 21 May 2006 → 24 May 2006

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2006
ISSN (Print)	1081-6011

Conference

Conference	2006 IEEE Symposium on Security and Privacy, S and P 2006
Country/Territory	United States
City	Berkeley
Period	21/05/06 → 24/05/06

Access to Document

10.1109/SP.2006.13

Cite this

@inproceedings{c93287a3e8d94ee9be762119780edc4c,

title = "Deriving an information flow checker and certifying compiler for java",

abstract = "Language-based security provides a means to enforce end-to-end confidentiality and integrity policies in mobile code scenarios, and is increasingly being contemplated by the smart-card and mobile phone industry as a solution to enforce information flow and resource control policies. Two threads of work have emerged in research on language-based security: work that focuses on enforcing security policies for source code, which is tailored towards developers that want to increase confidence in their applications, and work that focuses on efficiently verifying similar policies for byte-code, which is tailored to code consumers that want to protect themselves against hostile applications. These lines of work serve different purposes - and thus have been developed independently - but connecting them is a key step towards the deployment of language-based security in practical applications. This paper introduces a systematic technique to connect source code and bytecode security type systems. The technique is applied to an information flow type system for a fragment of Java with exceptions, thus confronting challenges in both control and data flow tracking.",

author = "Gilles Barthe and David Naumann and Tamara Rezk",

year = "2006",

doi = "10.1109/SP.2006.13",

language = "English",

isbn = "0769525741",

series = "Proceedings - IEEE Symposium on Security and Privacy",

pages = "230--242",

booktitle = "Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006",

note = "2006 IEEE Symposium on Security and Privacy, S and P 2006 ; Conference date: 21-05-2006 Through 24-05-2006",

}

Barthe, G, Naumann, D & Rezk, T 2006, Deriving an information flow checker and certifying compiler for java. in Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006., 1624014, Proceedings - IEEE Symposium on Security and Privacy, vol. 2006, pp. 230-242, 2006 IEEE Symposium on Security and Privacy, S and P 2006, Berkeley, United States, 21/05/06. https://doi.org/10.1109/SP.2006.13

Deriving an information flow checker and certifying compiler for java. / Barthe, Gilles; Naumann, David; Rezk, Tamara.
Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006. 2006. p. 230-242 1624014 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2006).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Deriving an information flow checker and certifying compiler for java

AU - Barthe, Gilles

AU - Naumann, David

AU - Rezk, Tamara

PY - 2006

Y1 - 2006

N2 - Language-based security provides a means to enforce end-to-end confidentiality and integrity policies in mobile code scenarios, and is increasingly being contemplated by the smart-card and mobile phone industry as a solution to enforce information flow and resource control policies. Two threads of work have emerged in research on language-based security: work that focuses on enforcing security policies for source code, which is tailored towards developers that want to increase confidence in their applications, and work that focuses on efficiently verifying similar policies for byte-code, which is tailored to code consumers that want to protect themselves against hostile applications. These lines of work serve different purposes - and thus have been developed independently - but connecting them is a key step towards the deployment of language-based security in practical applications. This paper introduces a systematic technique to connect source code and bytecode security type systems. The technique is applied to an information flow type system for a fragment of Java with exceptions, thus confronting challenges in both control and data flow tracking.

AB - Language-based security provides a means to enforce end-to-end confidentiality and integrity policies in mobile code scenarios, and is increasingly being contemplated by the smart-card and mobile phone industry as a solution to enforce information flow and resource control policies. Two threads of work have emerged in research on language-based security: work that focuses on enforcing security policies for source code, which is tailored towards developers that want to increase confidence in their applications, and work that focuses on efficiently verifying similar policies for byte-code, which is tailored to code consumers that want to protect themselves against hostile applications. These lines of work serve different purposes - and thus have been developed independently - but connecting them is a key step towards the deployment of language-based security in practical applications. This paper introduces a systematic technique to connect source code and bytecode security type systems. The technique is applied to an information flow type system for a fragment of Java with exceptions, thus confronting challenges in both control and data flow tracking.

UR - http://www.scopus.com/inward/record.url?scp=33751034907&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33751034907&partnerID=8YFLogxK

U2 - 10.1109/SP.2006.13

DO - 10.1109/SP.2006.13

M3 - Conference contribution

AN - SCOPUS:33751034907

SN - 0769525741

SN - 9780769525747

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 230

EP - 242

BT - Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006

T2 - 2006 IEEE Symposium on Security and Privacy, S and P 2006

Y2 - 21 May 2006 through 24 May 2006

ER -

Deriving an information flow checker and certifying compiler for java

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this