- research-article, June 2012
Development of secured systems by mixing programs, specifications and proofs in an object-oriented programming environment: a case study within the FoCaLiZe environment
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 9, Pages 1–12, https://doi.org/10.1145/2336717.2336726
FoCaLiZe is an object-oriented programming environment that combines specifications, programs and proofs in the same language. This paper describes how its features can be used to formally express specifications and to develop by stepwise refinement the ...
- research-article, June 2012
Hash-flow taint analysis of higher-order programs
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 8, Pages 1–12, https://doi.org/10.1145/2336717.2336725
As web applications have grown in popularity, so have attacks on such applications. Cross-site scripting and injection attacks have become particularly problematic. Both vulnerabilities stem, at their core, from improper sanitization of user input. We ...
- research-article, June 2012
Towards a taint mode for cloud computing web applications
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 7, Pages 1–12, https://doi.org/10.1145/2336717.2336724
Cloud computing is generally understood as the distribution of data and computations over the Internet. Over the past years, there has been a steep increase in web sites using this technology. Unfortunately, those web sites are not exempted from ...
- research-article, June 2012
Static flow-sensitive & context-sensitive information-flow analysis for software product lines: position paper
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 6, Pages 1–6, https://doi.org/10.1145/2336717.2336723
A software product line encodes a potentially large variety of software products as variants of some common code base, e.g., through the use of #ifdef statements or other forms of conditional compilation. Traditional information-flow analyses cannot ...
- research-article, June 2012
A generic approach for security policies composition: position paper
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 5, Pages 1–4, https://doi.org/10.1145/2336717.2336722
When modelling access control in distributed systems, the problem of security policies composition arises. Much work has been done on different ways of combining policies, and using different logics to do this. In this paper, we propose a more general ...
- research-article, June 2012
Security correctness for secure nested transactions: position paper
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 4, Pages 1–6, https://doi.org/10.1145/2336717.2336721
This article considers the synthesis of two long-standing lines of research in computer security: security correctness for multilevel databases, and language-based security. The motivation is an approach to supporting end-to-end security for a wide ...
- research-article, June 2012
Security-policy monitoring and enforcement with JavaMOP
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 3, Pages 1–11, https://doi.org/10.1145/2336717.2336720
Software security attacks represent an ever growing problem. One way to make software more secure is to use Inlined Reference Monitors (IRMs), which allow security specifications to be inlined inside a target program to ensure its compliance with the ...
- research-article, June 2012
Knowledge-oriented secure multiparty computation
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security, Article No.: 2, Pages 1–12, https://doi.org/10.1145/2336717.2336719
Protocols for secure multiparty computation (SMC) allow a set of mutually distrusting parties to compute a function f of their private inputs while revealing nothing about their inputs beyond what is implied by the result. Depending on f, however, the ...