Noninterference requires that public outputs of a program must be completely independent from secrets. While this ensures that secrets cannot be leaked, it is too restrictive for m...
Separation of Duty Constraints David Basin1 , Samuel J. Burri1,2 , and G?unter Karjoth2 1 ETH Zurich, Department of Computer Science, Switzerland 2 IBM Research, Zurich Research La...
Abstract. This paper presents a new security architecture for protecting software confidentiality and integrity. Different from the previous process-centric systems designed for ...
Despite the widespread and growing use of asynchronous copies to improve scalability, performance and availability, this practice still lacks a firm semantic foundation. Applicati...
We propose a new way to raise the level of discourse in the programming process: permit ambiguity, but manage it by linking it to unambiguous examples. This allows programming env...