Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
PLDI
2006
ACM
2006
ACM
Refactoring programs to secure information flows
Adding a sound information flow security policy to an existing program is a difficult task that requires major analysis of and changes to the program. In this paper we show how refactoring programs into distinct components of high and low security is a useful methodology to aid in the production of programs with sound information flow policies. Our methodology proceeds as follows. Given a program with no information flow controls, a program slicer is used to identify code that depends on high security inputs. High security code so identified is then refactored into a separate component, which may be accessed by the low security component via public method calls. A security policy that labels input data and checks the output points can then enforce the desired end-to-end security property. Controlled information releases can occur at explicit declassification points if deemed safe. The result is a wellengineered program with explicit interfaces between components of different sec...
Real-time Traffic| Added | 14 Jun 2010 |
| Updated | 14 Jun 2010 |
| Type | Conference |
| Year | 2006 |
| Where | PLDI |
| Authors | Scott F. Smith, Mark Thober |
Comments (0)
Researcher Info
|
