research-article

Programming languages and program analysis for security: a three-year retrospective

Published: 28 February 2009

Abstract

Software security has traditionally been enforced at the level of the operating system. However, operating systems have become increasingly large and complex, and it is very difficult, if not impossible, to enforce software security solely through them. Moreover, operating-system security deals primarily with access-control policies on resources such as files and network connections, whereas attacks may happen at both lower and higher levels of abstraction and may target the internal behavior of applications, such as today's Web-based applications. Therefore, defenses must offer protection at the level of applications. Language-based security is the area of research that studies how to enforce application-level security using programming-language and program-analysis techniques. This area of research has become very active with the advent of Web applications. In 2006, ACM SIGPLAN introduced a new yearly forum entirely dedicated to the discussion of language-based-security research: Programming Languages and Analysis for Security (PLAS). This paper is a three-year survey of PLAS papers that discusses the progress made in the area of language-based security.

