A Permission-Dependent Type System for Secure Information Flow Analysis

@article{Chen2018APT,
  title={A Permission-Dependent Type System for Secure Information Flow Analysis},
  author={Hongxu Chen and Alwen Tiu and Zhiwu Xu and Y. Liu},
  journal={2018 IEEE 31st Computer Security Foundations Symposium (CSF)},
  year={2018},
  pages={218-232}
}
  • Hongxu Chen, Alwen Tiu, +1 author Y. Liu
  • Published 2018
  • Computer Science
  • 2018 IEEE 31st Computer Security Foundations Symposium (CSF)
  • We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a lightweight type system featuring Android permission model, where the permissions are statically assigned to applications and are used to enforce access control in the applications. We take inspiration from a type system by Banerjee and Naumann to allow… CONTINUE READING
    7 Citations
    A derivation framework for dependent security label inference
    • Highly Influenced
    • PDF
    Rely/Guarantee Reasoning for Noninterference in Non-Blocking Algorithms
    Decentralized Dynamic Security Enforcement for Mobile Applications with CliSeAuDroid
    • 1
    • PDF
    A trustworthy framework for resource-aware embedded programming

    References

    SHOWING 1-10 OF 51 REFERENCES
    Stack-based access control and secure information flow
    • 167
    • Highly Influential
    • PDF
    Type-Driven Repair for Information Flow Security
    • 7
    • PDF
    Dynamic security labels and static information flow control
    • 111
    • PDF
    Dependent Information Flow Types
    • 46
    • PDF
    Towards a Flow- and Path-Sensitive Information Flow Analysis
    • P. Li, Danfeng Zhang
    • Computer Science
    • 2017 IEEE 30th Computer Security Foundations Symposium (CSF)
    • 2017
    • 9
    • PDF
    Deriving an information flow checker and certifying compiler for Java
    • 70
    • PDF
    Verification of Information Flow and Access Control Policies with Dependent Types
    • 84
    • PDF
    Run-time principals in information-flow type systems
    • 94
    • PDF
    On flow-sensitive security types
    • 248
    • PDF