Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/1554339acmconferencesBook PagePublication PagespldiConference Proceedingsconference-collections
PLAS '09: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
ACM2009 Proceeding
Publisher:
  • Association for Computing Machinery
  • New York
  • NY
  • United States
Conference:
PLDI '09: ACM SIGPLAN Conference on Programming Language Design and Implementation Dublin Ireland June 15 - 21, 2009
ISBN:
978-1-60558-645-8
Published:
15 June 2009
Sponsors:
Recommend ACM DL
ALREADY A SUBSCRIBER?SIGN IN

Reflects downloads up to 21 Dec 2024Bibliometrics
Skip Abstract Section
Abstract

It is our pleasure to welcome you to the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security (PLAS 2009).

The call for papers attracted 19 submissions: 15 full-length papers, and 4 formal short papers. Authors could choose to submit full-length papers, formal short papers, or informal short papers (which would not be included in the proceedings, and would not preclude publication in other conference venues or journals). Authors could choose to submit their work anonymously; one submission did so.

Each submission received at least three reviews. All reviews were made available to all program committee members, and the final decision on which papers to accept was made after a three day on-line program committee meeting. Eight long papers and three short ones will appear in the proceedings and be presented at the Workshop.

Skip Table Of Content Section
SESSION: Security in new languages
research-article
Language-based security on Android

In this paper, we initiate a formal study of security on Android: Google's new open-source platform for mobile devices. Specifically, we present a core typed language to describe Android applications, and to reason about their data-flow security ...

research-article
ActionScript bytecode verification with co-logic programming

A prototype security policy verification system for Action-Script binaries is presented, whose implementation leverages recent advances in co-logic programming. Our experience with co-logic programming indicates that it is an extremely useful paradigm ...

SESSION: Static information flow
research-article
Encoding information flow in Aura

Two of the main ways to protect security-sensitive resources in computer systems are to enforce access-control policies and information-flow policies. In this paper, we show how to enforce information-flow policies in Aura, which is a programming ...

research-article
On PDG-based noninterference and its modular proof

We present the first machine-checked correctness proof for information flow control (IFC) based on program dependence graphs (PDGs). IFC based on slicing and PDGs is flow-sensitive, context-sensitive, and object-sensitive; thus offering more precision ...

research-article
Catch me if you can: permissive yet secure error handling

Program errors are a source of information leaks. Tracking these leaks is hard because error propagation breaks out of program structure. Programming languages often feature exception constructs to provide some structure to error handling: for example, ...

SESSION: Theme redacted for security
research-article
A weakest precondition approach to active attacks analysis

Information flow controls can be used to protect both data confidentiality and data integrity. The certification of the security degree of a program that runs in untrusted environments still remains an open problem in language-based security. The notion ...

research-article
Measuring channel capacity to distinguish undue influence

The channel capacity of a program is a quantitative measure of the amount of control that the inputs to a program have over its outputs. Because it corresponds to worst-case assumptions about the probability distribution over those inputs, it is ...

research-article
An implementation and semantics for transactional memory introspection in Haskell

Transactional Memory Introspection (TMI) is a novel reference monitor architecture that provides complete mediation, freedom from time of check to time of use bugs and improved failure handling for authorization. TMI builds on and integrates with ...

SESSION: Dynamic information flow and dynamic policies
research-article
Flow-sensitive semantics for dynamic information flow policies

Dynamic information flow policies, such as declassification, are essential for practically useful information flow control systems. However, most systems proposed to date that handle dynamic information flow policies suffer from a common drawback. They ...

research-article
Efficient purely-dynamic information flow analysis

We present a novel approach for efficiently tracking information flow in a dynamically-typed language such as JavaScript. Our approach is purely dynamic, and it detects problems with implicit paths via a dynamic check that avoids the need for an ...

research-article
A language for information flow: dynamic tracking in multiple interdependent dimensions

This paper presents λI, a language for dynamic tracking of information flow across multiple, interdependent dimensions of information. Typical dimensions of interest are integrity and confidentiality. λI supports arbitrary domain-specific policies that ...

Contributors
  • Harvard University
  • Stevens Institute of Technology

Recommendations

Acceptance Rates

PLAS '09 Paper Acceptance Rate 8 of 19 submissions, 42%;
Overall Acceptance Rate 43 of 77 submissions, 56%
YearSubmittedAcceptedRate
PLAS '184250%
PLAS '1710880%
PLAS '1611655%
PLAS'159556%
PLAS'1410660%
PLAS '1314857%
PLAS '0919842%
Overall774356%