Deriving an Information Flow Checker and Certifying Compiler for Java

S
SP
2006
2006 IEEE Symposium on Security and Privacy (S&P'06)
Abstract - Deriving an Information Flow Checker and Certifying Compiler for Java

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Gilles Barthe Articles by Tamara Rezk Articles by David Naumann

2006 IEEE Symposium on Security and Privacy (S&P'06)

Berkeley/Oakland, California

May 21-May 24

ISBN: 0-7695-2574-1

	ASCII Text	x
	Gilles Barthe, Tamara Rezk, David Naumann, "Deriving an Information Flow Checker and Certifying Compiler for Java," Security and Privacy, IEEE Symposium on, pp. 230-242, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.

	BibTex	x
	@article{ 10.1109/SP.2006.13, author = {Gilles Barthe and Tamara Rezk and David Naumann}, title = {Deriving an Information Flow Checker and Certifying Compiler for Java}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1081-6011}, pages = {230-242}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2006.13}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Deriving an Information Flow Checker and Certifying Compiler for Java SN - 1081-6011 SP230 EP242 A1 - Gilles Barthe, A1 - Tamara Rezk, A1 - David Naumann, PY - 2006 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Gilles Barthe, INRIA Sophia-Antipolis, Project EVEREST, France

Tamara Rezk, INRIA Sophia-Antipolis, Project EVEREST, France

David Naumann, Stevens Institute of Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SP.2006.13

Language-based security provides a means to enforce endto- end confidentiality and integrity policies inmobile code scenarios, and is increasingly being contemplated by the smartcard and mobile phone industry as a solution to enforce information flow and resource control policies.

Two threads of work have emerged in research on languagebased security: work that focuses on enforcing security policies for source code, which is tailored towards developers that want to increase confidence in their applications, and work that focuses on efficiently verifying similar policies for bytecode, which is tailored to code consumers that want to protect themselves against hostile applications. These lines of work serve different purposes - and thus have been developed independently but connecting them is a key step towards the deployment of language-based security in practical applications.

This paper introduces a systematic technique to connect source code and bytecode security type systems. The technique is applied to an information flow type system for a fragment of Java with exceptions, thus confronting challenges in both control and data flow tracking.

Citation:

Gilles Barthe, Tamara Rezk, David Naumann, "Deriving an Information Flow Checker and Certifying Compiler for Java," sp, pp.230-242, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.