Learn More
Security-typed languages promise to be a powerful tool with which provably secure software applications may be developed. Programs written in these languages enforce a strong, global policy of <i>noninterference</i>which ensures that high-security data will not be observable on low-security channels. Because noninterference is typically too strong a(More)
Verifying that programs trusted to enforce security actually do so is a practical concern for programmers and administrators. However , there is a disconnect between the kinds of tools that have been successfully applied to real software systems (such as taint mode in Perl and Ruby), and information-flow compilers that enforce a variant of the stronger(More)
his paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the obser- vation that security-sensitive operations performed by a server are characterized by idiomatic resource manipula- tions, called fingerprints. Candidate fingerprints are auto- matically mined by(More)
The web is now being used as a general platform for hosting distributed applications like wikis, bulletin board messaging systems and collaborative editing environments. Data from multiple applications originating at multiple sources all intermix in a single web browser, making sensitive data stored in the browser subject to a broad milieu of attacks(More)
In this paper, we present an approach for verifying that trusted programs correctly enforce system security goals when deployed. A trusted program is trusted to only perform safe operations despite have the authority to perform unsafe operations; for example, initialization programs, administrative programs, root network dae-mons, etc. Currently, these(More)
The need to monitor, measure, and control sub-visible proteinaceous particulates in biopharmaceutical formulations has been emphasized in recent publications and commentaries. Some of these particulates can be highly transparent, fragile, and unstable. In addition, for much of the size range of concern, no practical measurement method with adequate(More)
Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved(More)
We present a framework that automatically produces resolution placement suggestions for type errors in security-typed programs, enabling legacy code to be retrofit with comprehensive security policy mediation. Resolving such type errors requires selecting a placement of mediation statements that implement runtime security decisions, such as declassifiers(More)
Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information leaks is a critical task in security-typed language application development. Unfortunately, because(More)