Abstract. Before starting the security analysis of an existing system, the most likely outcome is often already clear, namely that the system is not entirely secure. Modifying a program such that it passes the analysis is a difficult problem and usually left entirely to the programmer. In this article, we show that and how unification can be used to compute such program transformations. This opens a new perspective on the problem of correcting insecure programs. We demonstrate that integrating our approach into an existing transforming type system can also improve the precision of the analysis and the quality of the resulting programs.
“Classical” proofs of secure systems are based on reducing the hardness of one problem (defined by t...
Security requirements change, but the typical way of improving system security by patches is ad hoc ...
Abstract. Reverse engineering of executable programs, by disassembling them and then using program a...
Abstract. Before starting the security analysis of an existing system, the most likely outcome is of...
Abstract. Before starting the security analysis of an existing system, the most likely outcome is of...
Before starting a rigorous security analysis of a given software system, the most likely outcome is ...
A recurring problem in security is reverse engineering binary code to recover high-level language da...
A recurring problem in security is reverse engineering binary code to recover high-level language da...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
International audienceA common security recommendation is to reduce the in-memory lifetime of secret...
Starting from the seminal work of Volpano and Smith, there has been growing evidence that type syste...
Abstract. Weakly-typed languages such as Cobol often force program-mers to represent distinct data a...
Abstract. Security requirements change, but the typical way of im-proving system security by patches...
Reverse engineering of executable programs, by disassembling them and then using program analyses to...
If we classify variables in a program into various security levels, then a secure information flow a...
“Classical” proofs of secure systems are based on reducing the hardness of one problem (defined by t...
Security requirements change, but the typical way of improving system security by patches is ad hoc ...
Abstract. Reverse engineering of executable programs, by disassembling them and then using program a...
Abstract. Before starting the security analysis of an existing system, the most likely outcome is of...
Abstract. Before starting the security analysis of an existing system, the most likely outcome is of...
Before starting a rigorous security analysis of a given software system, the most likely outcome is ...
A recurring problem in security is reverse engineering binary code to recover high-level language da...
A recurring problem in security is reverse engineering binary code to recover high-level language da...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
International audienceA common security recommendation is to reduce the in-memory lifetime of secret...
Starting from the seminal work of Volpano and Smith, there has been growing evidence that type syste...
Abstract. Weakly-typed languages such as Cobol often force program-mers to represent distinct data a...
Abstract. Security requirements change, but the typical way of im-proving system security by patches...
Reverse engineering of executable programs, by disassembling them and then using program analyses to...
If we classify variables in a program into various security levels, then a secure information flow a...
“Classical” proofs of secure systems are based on reducing the hardness of one problem (defined by t...
Security requirements change, but the typical way of improving system security by patches is ad hoc ...
Abstract. Reverse engineering of executable programs, by disassembling them and then using program a...