This paper presents a capability-based mechanism for permissiveyet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smoothenforcement of information-flow policies using capability systems.The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja
Recent years have seen a proliferation of research on information flow control. While the progress h...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This paper explores information flow control in systems in which the security classes of data can v...
This paper presents a capability-based mechanism for permissive yet secure enforcement of informatio...
Abstract—In capability-safe languages, components can access a resource only if they possess a capab...
Motivated by the problem of understanding the difference between practical access control and capabi...
Over the years, computer systems and applications have grown significantly complex while handling a ...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
In capability-safe languages, components can access a resource only if they possess a capability for...
This thesis investigates the specification and the application of dynamic security policies in infor...
Information Flow Control is a well established field of research, providing asuite of theoretical an...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
Mainstream mechanisms for protection of information security are not adequate. Most vulnerabilities ...
This paper presents a language in which information flow is securely controlled by a type system, ye...
This paper presents a language in which information flow is securely controlled by a type system, ye...
Recent years have seen a proliferation of research on information flow control. While the progress h...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This paper explores information flow control in systems in which the security classes of data can v...
This paper presents a capability-based mechanism for permissive yet secure enforcement of informatio...
Abstract—In capability-safe languages, components can access a resource only if they possess a capab...
Motivated by the problem of understanding the difference between practical access control and capabi...
Over the years, computer systems and applications have grown significantly complex while handling a ...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
In capability-safe languages, components can access a resource only if they possess a capability for...
This thesis investigates the specification and the application of dynamic security policies in infor...
Information Flow Control is a well established field of research, providing asuite of theoretical an...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
Mainstream mechanisms for protection of information security are not adequate. Most vulnerabilities ...
This paper presents a language in which information flow is securely controlled by a type system, ye...
This paper presents a language in which information flow is securely controlled by a type system, ye...
Recent years have seen a proliferation of research on information flow control. While the progress h...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This paper explores information flow control in systems in which the security classes of data can v...