DOI: 10.1145/1255329
PLAS '07: Proceedings of the 2007 workshop on Programming languages and analysis for security
ACM 2007 Proceeding
General Chair:
  • Michael Hicks
Publisher:
  • Association for Computing Machinery, New York, NY, United States
Conference:
PLAS07: Programming Languages and Analysis for Security Workshop, San Diego, California, USA, 14 June 2007
ISBN:
978-1-59593-711-7
Published:
14 June 2007
Sponsors:

Abstract

It is my pleasure to present this proceedings of the 2nd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2007), which took place on June 14, 2007 in San Diego, California, USA. The workshop was held as part of ACM's Federated Computing Research Conference (FCRC), as a satellite event of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2007).

The call for papers solicited submissions of three kinds: full-length technical papers for relatively mature work; short papers for less detailed or more preliminary work; and proposals for informal presentations to be given at the workshop but not to appear in the proceedings. The last category was designed to support the discussion of important and promising ideas at the workshop, even if the ideas were not yet ready for formal publication. Papers submitted to one category could be accepted in a different category at the program committee's discretion.

We received 28 submissions from researchers at locations around the world. The submissions were comprised of 19 full-length papers, 6 short papers, and 3 informal presentations. One full paper was withdrawn prior to being reviewed. The committee ultimately accepted 10 full-length papers, 3 short papers, and 1 informal presentation. The submitted papers encompassed a variety of topics, including: inferring and enforcing information flow properties in programming languages, statically analyzing software for security vulnerabilities, specifying and enforcing security policies in software, intrusion detection, and models of declassification. Many committee members commented to me on the high quality of the papers we received. I am confident you will be impressed with the strength of the final program contained within these pages.

SESSION: Language-based security
Article
Jifclipse: development tools for security-typed languages

Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information ...

Article
Improving usability of information flow security in Java

This paper focuses on improving the usability of information flow type systems. We present a static information flow type inference system for Middleweight Java (MJ) which automatically infers information flow labels, thus avoiding the need for a ...

Article
A domain-specific programming language for secure multiparty computation

We present a domain-specific programming language for Secure Multiparty Computation (SMC).

Information is a resource of vital importance and considerable economic value to individuals, public administration, and private companies. This means that the ...

SESSION: Analyzing information flow
Article
Quantitative analysis of leakage for multi-threaded programs

We present a quantitative analysis of information flow for a multi-threaded language based on a probabilistic scheduler. The analysis consists of two steps. First, multi-threaded programs are translated into single-thread looping programs with a ...

Article
A simulation-based proof technique for dynamic information flow

Information-flow analysis can prevent programs from improperly revealing secret information, and a dynamic approach can make such analysis more practical, but there has been relatively little work verifying that such analyses are sound (account for all ...

SESSION: Detection, declassification, and evolution
Article
Cautious virus detection in the extreme

It is well known that there exist viruses whose set of infected programs is undecidable. If a virus detector is to err on the side of caution with respect to such a virus, then it must label some perfectly innocent programs as being infected by the ...

Article
Localized delimited release: combining the what and where dimensions of information release

Information release (or declassification) policies are the key challenge for language-based information security. Although much progress has been made, different approaches to information release tend to address different aspects of information release. ...

Article
Towards a logical account of declassification

Declassification is a vital ingredient for practical use of secure systems. Several recent efforts to formulate an end-to-end policy for declassification seem inconclusive and have focused on apparently different aspects. (e.g., what values are involved,...

Article
Fast probabilistic simulation, nontermination, and secure information flow

In secure information flow analysis, the classic Denning restrictions allow a program's termination to be affected by the values of its H variables, resulting in potential information leaks. In an effort to quantify such leaks, in this work we study a ...

SESSION: Analysis against attacks
Article
Large-scale analysis of format string vulnerabilities in Debian Linux

Format-string bugs are a relatively common security vulnerability, and can lead to arbitrary code execution. In collaboration with others, we designed and implemented a system to eliminate format string vulnerabilities from an entire Linux distribution, ...

Article
Guarded models for intrusion detection

Host-based intrusion detection systems that monitor an application execution and report any deviation from its statically built model have seen tremendous progress in recent years. However, the weakness of these systems is that they often rely on overly ...

Article
Using web application construction frameworks to protect against code injection attacks

In recent years, the security landscape has changed, with Web application vulnerabilities becoming more prominent than vulnerabilities stemming from the lack of type safety, such as buffer overruns. Many reports point to code injection attacks such as ...

Article
ABASH: finding bugs in bash scripts

This paper describes the design and implementation of ABASH, a tool for statically analyzing programs written in the bash scripting language. Although it makes no formal guarantees against missed errors or spurious warnings (largely due to the highly ...

Contributors
  • University of Maryland, College Park


Acceptance Rates

Overall Acceptance Rate: 43 of 77 submissions, 56%

Year        Submitted   Accepted   Rate
PLAS '18    4           2          50%
PLAS '17    10          8          80%
PLAS '16    11          6          55%
PLAS '15    9           5          56%
PLAS '14    10          6          60%
PLAS '13    14          8          57%
PLAS '09    19          8          42%
Overall     77          43         56%