Add to ORKGThis paper presents a capability-based mechanism for permissive yet secure enforcement of information-flow policies. Language capabilities have been studied widely, and several popular implementations, such as Caja and Joe-E, are available. By making the connection from capabilities to information flow, we enable smooth enforcement of information-flow policies using capability systems. The paper presents a transformation that given an arbitrary source program in a simple imperative language produces a secure program in a language with capabilities. We present formal guarantees of security and permissiveness and report on experiments to enforce information-flow policies for web applications using Caja
Information Flow Control is a well established field of research, providing asuite of theoretical an...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This paper explores information flow control in systems in which the security classes of data can v...
This paper presents a capability-based mechanism for permissiveyet secure enforcement of information...
Abstract—In capability-safe languages, components can access a resource only if they possess a capab...
Motivated by the problem of understanding the difference between practical access control and capabi...
Over the years, computer systems and applications have grown significantly complex while handling a ...
In capability-safe languages, components can access a resource only if they possess a capability for...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
This thesis investigates the specification and the application of dynamic security policies in infor...
Mainstream mechanisms for protection of information security are not adequate. Most vulnerabilities ...
Recent years have seen a proliferation of research on information flow control. While the progress h...
This paper presents a language in which information flow is securely controlled by a type system, ye...
This paper presents a language in which information flow is securely controlled by a type system, ye...
Information Flow Control is a well established field of research, providing asuite of theoretical an...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This paper explores information flow control in systems in which the security classes of data can v...
This paper presents a capability-based mechanism for permissiveyet secure enforcement of information...
Abstract—In capability-safe languages, components can access a resource only if they possess a capab...
Motivated by the problem of understanding the difference between practical access control and capabi...
Over the years, computer systems and applications have grown significantly complex while handling a ...
In capability-safe languages, components can access a resource only if they possess a capability for...
This thesis explores several ways to diversify the field of Information Flow Control. At the heart o...
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Comp...
This thesis investigates the specification and the application of dynamic security policies in infor...
Mainstream mechanisms for protection of information security are not adequate. Most vulnerabilities ...
Recent years have seen a proliferation of research on information flow control. While the progress h...
This paper presents a language in which information flow is securely controlled by a type system, ye...
This paper presents a language in which information flow is securely controlled by a type system, ye...
Information Flow Control is a well established field of research, providing asuite of theoretical an...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
This paper explores information flow control in systems in which the security classes of data can v...