Taint tracking is a popular security mechanism for tracking data-flow dependencies, both in high-level languages and at the machine code level. But despite the many taint trackers in practical use, the question of what, exactly, tainting means-what security policy it embodies-remains largely unexplored. We propose explicit secrecy, a generic framework capturing the essence of explicit flows, i.e., the data flows tracked by tainting. The framework is semantic, generalizing previous syntactic approaches to formulating soundness criteria of tainting. We demonstrate the usefulness of the framework by instantiating it with both a simple high-level imperative language and an idealized RISC machine. To further understanding of what is achieved by ...
Recent micro-architectural research has proposed various schemes to enhance processors with addition...
Security is rarely a static notion. What is considered to be confidential or untrusted data varies o...
Security is rarely a static notion. What is considered to be confidential or untrusted data varies o...
Taint tracking is a popular security mechanism for tracking data-flow dependencies, both in high-lev...
As more and more sensitive data is handled by software, itstrustworthiness becomes an increasingly i...
Taint tracking has been successfully deployed in a range of security applications to track data depe...
Taint-tracking is emerging as a general technique in software security to complement virtualization ...
Information-flow technology is a promising approach for ensuring securityby design and construction....
International audienceThis article presents a novel approach to confidentiality violation detection ...
Language-based information flow methods offer a principled way to enforcestrong security properties,...
Current taint checking architectures monitor tainted data usage mainly with control transfer instruc...
The K framework is a rewrite logic-based framework for defining programming language semantics suita...
Dynamic taint analysis is a fundamental technique in software security that tracks the flow of inter...
AbstractA classic problem in security is that of checking that a program has secure information flow...
Taint analysis is a form of data flow analysis aiming at secure information flow. For example, unche...
Recent micro-architectural research has proposed various schemes to enhance processors with addition...
Security is rarely a static notion. What is considered to be confidential or untrusted data varies o...
Security is rarely a static notion. What is considered to be confidential or untrusted data varies o...
Taint tracking is a popular security mechanism for tracking data-flow dependencies, both in high-lev...
As more and more sensitive data is handled by software, itstrustworthiness becomes an increasingly i...
Taint tracking has been successfully deployed in a range of security applications to track data depe...
Taint-tracking is emerging as a general technique in software security to complement virtualization ...
Information-flow technology is a promising approach for ensuring securityby design and construction....
International audienceThis article presents a novel approach to confidentiality violation detection ...
Language-based information flow methods offer a principled way to enforcestrong security properties,...
Current taint checking architectures monitor tainted data usage mainly with control transfer instruc...
The K framework is a rewrite logic-based framework for defining programming language semantics suita...
Dynamic taint analysis is a fundamental technique in software security that tracks the flow of inter...
AbstractA classic problem in security is that of checking that a program has secure information flow...
Taint analysis is a form of data flow analysis aiming at secure information flow. For example, unche...
Recent micro-architectural research has proposed various schemes to enhance processors with addition...
Security is rarely a static notion. What is considered to be confidential or untrusted data varies o...
Security is rarely a static notion. What is considered to be confidential or untrusted data varies o...