Secure Flow Typing

Volpano, Dennis; Irvine, Cynthia E.

Secure Flow Typing

Authors

Volpano, Dennis

Irvine, Cynthia E.

Subjects

secure information flow
type systems
Web programming
certification

Date of Issue

1997-00-00

Publisher

ACM

Abstract

Some of the most promising work in the area of enforcing secure information flow in programs is based on static analyses of source code. However, as yet, these efforts have not had much impact in practice. We present a new approach to analyzing programs statically for secrecy and integrity flow violations. The analysis is characterized as a form of type inference in a secure flow type system. The type system provides a uniform frame work for traditional type checking of programs and information flow control Type correct programs have principal types that characterize how they can be called securely. Applications of the type system include flow analysis of legacy code as well as code written in newly emerging Web languages like Java (tm).

Type

Article

Description

The article of record as published may be located at http://dx.doi.org/10.1016/S0167-4048(97)00002-3

URI

https://hdl.handle.net/10945/7183

Department

Computer Science (CS)

Organization

Center for Information Systems Security Studies and Research (CISR)

Citation

Proceedings of the 25th ACM Symposium on Principles of Programming Languages, San Diego, CA, pp. 355-364, January 1998

Distribution Statement

Approved for public release; distribution is unlimited.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

Collections

Publications

Full item page

Naval Postgraduate School

Dudley Knox Library