Instruction-level security analysis for information flow in stack-based assembly languages

We propose a method to analyze secure information flow in stack-based assembly languages, communicating with the external environment by means of input and output channels. The method computes for each instruction a security level for each memory variable and stack element. Instruction-level securit...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Information and computation Ročník 205; číslo 9; s. 1334 - 1370
Hlavní autoři: De Francesco, Nicoletta, Martini, Luca
Médium: Journal Article
Jazyk:angličtina
Vydáno: San Diego, CA Elsevier Inc 01.09.2007
Elsevier
Témata:
Abstract interpretation
Algorithmics. Computability. Computer arithmetics
Applied sciences
Combinatorics
Combinatorics. Ordered structures
Computer science; control theory; systems
Designs and configurations
Exact sciences and technology
Flow-sensitive
Language theory and syntactical analysis
Language-based security
Mathematics
Miscellaneous
Sciences and techniques of general use
Static analysis
Theoretical computing
Flow-sensitive
Abstract interpretation
Language-based security
Static analysis
Forgetting
Input output
Addition
Abstract machine
Typing
Configuration
Computer theory
Operational semantics
Memory
Iteration
Verification
Instruction
Algorithm
Flow
Stack
Input
Information flow
Environment
ISSN:0890-5401, 1090-2651
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Abstract We propose a method to analyze secure information flow in stack-based assembly languages, communicating with the external environment by means of input and output channels. The method computes for each instruction a security level for each memory variable and stack element. Instruction-level security analysis is flow-sensitive and hence is more precise than other analyses, such as standard security typing. Instruction-level security analysis is specified in the framework of abstract interpretation. We define concrete operational semantics which handles, in addition to execution aspects, the flow of information of the program. The basis of the approach is that each value is annotated by a security level and that the abstract domain is obtained from the concrete one by keeping the security levels and forgetting the actual values. Operand stack are abstracted as fixed-length stacks of security levels. An abstract state is a map from instructions to abstract machine configurations, where values are substituted by security levels. The abstract semantics consists of a set of abstract rules manipulating abstract states. The instruction-level security typing can be performed by an efficient fixpoint iteration algorithm, similar to that used by bytecode verification.
AbstractList We propose a method to analyze secure information flow in stack-based assembly languages, communicating with the external environment by means of input and output channels. The method computes for each instruction a security level for each memory variable and stack element. Instruction-level security analysis is flow-sensitive and hence is more precise than other analyses, such as standard security typing. Instruction-level security analysis is specified in the framework of abstract interpretation. We define concrete operational semantics which handles, in addition to execution aspects, the flow of information of the program. The basis of the approach is that each value is annotated by a security level and that the abstract domain is obtained from the concrete one by keeping the security levels and forgetting the actual values. Operand stack are abstracted as fixed-length stacks of security levels. An abstract state is a map from instructions to abstract machine configurations, where values are substituted by security levels. The abstract semantics consists of a set of abstract rules manipulating abstract states. The instruction-level security typing can be performed by an efficient fixpoint iteration algorithm, similar to that used by bytecode verification.
Author Martini, Luca
De Francesco, Nicoletta
Author_xml – sequence: 1
  givenname: Nicoletta
  surname: De Francesco
  fullname: De Francesco, Nicoletta
  email: nico@iet.unipi.it
– sequence: 2
  givenname: Luca
  surname: Martini
  fullname: Martini, Luca
  email: luca.martini@iet.unipi.it
BackLink http://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=19016384$$DView record in Pascal Francis
BookMark eNp1UD1PwzAQtRBIlMLOmIUx4Rw7bsKGKj4qVWLpxGJdHKdycZ3Klxb135O2iAGpy93p9N67e--GXYYuWMbuOWQcuHpcZc5kOcAkA5kB5BdsxKGCNFcFv2QjKIe5kMCv2Q3RCoDzQqoR-5wF6uPW9K4Lqbc76xOyZhtdv08woN-To6TtYuLCUNd4wCWt776HRUI9mq-0RrJNgkR2Xft94jEst7i0dMuuWvRk7377mC1eXxbT93T-8TabPs9TI3LZpzk0ZniyqYuyUG2tRFNhjqWoG1EIlLUsUKEwsqyqiagBKwXKAti6bLmEXIzZw0l2g2TQtxGDcaQ30a0x7jWvhnREKQecOuFM7IiibbVx_dFPH9F5zUEfgtQr7Yw-BKlBajgegH_EP-3zlKcTxQ6-d85GTcbZYGzjojW9bjp3nvwDALCNRA
CODEN INFCEC
CitedBy_id crossref_primary_10_1007_s12652_014_0241_z
Cites_doi 10.1145/1045405.1045411
10.1023/A:1025055424017
10.1093/comjnl/bxh161
10.1093/comjnl/47.1.25
10.1109/JSAC.2002.806121
10.1016/S0141-9331(02)00064-9
10.1145/964001.964017
10.1016/S0167-6423(99)00024-6
10.1016/S0020-0190(02)00219-3
10.1145/512950.512973
10.1145/1111037.1111046
10.1002/spe.611
10.1007/10722599_1
10.1145/1111037.1111045
10.1023/A:1020843229247
10.1145/357084.357088
10.1145/512927.512945
10.1002/spe.438
10.1145/359636.359712
10.1093/logcom/2.4.511
10.1145/360051.360056
10.3233/JCS-1996-42-304
10.1145/966051.966055
ContentType Journal Article
Copyright 2007 Elsevier Inc.
2007 INIST-CNRS
Copyright_xml – notice: 2007 Elsevier Inc.
– notice: 2007 INIST-CNRS
DBID 6I.
AAFTH
AAYXX
CITATION
IQODW
DOI 10.1016/j.ic.2007.04.002
DatabaseName ScienceDirect Open Access Titles
Elsevier:ScienceDirect:Open Access
CrossRef
Pascal-Francis
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
Computer Science
Mathematics
Applied Sciences
EISSN 1090-2651
EndPage 1370
ExternalDocumentID 19016384
10_1016_j_ic_2007_04_002
S0890540107000521
GroupedDBID --K
--M
--Z
-~X
.~1
0R~
1B1
1~.
1~5
29I
4.4
457
4G.
5GY
5VS
6I.
6TJ
7-5
71M
8P~
9JN
AACTN
AAEDT
AAEDW
AAFTH
AAIAV
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AAQXK
AAXUO
AAYFN
ABAOU
ABBOA
ABFNM
ABJNI
ABMAC
ABTAH
ABVKL
ABXDB
ABYKQ
ACAZW
ACDAQ
ACGFS
ACNNM
ACRLP
ACZNC
ADBBV
ADEZE
ADFGL
ADMUD
AEBSH
AEKER
AENEX
AEXQZ
AFKWA
AFTJW
AGHFR
AGUBO
AGYEJ
AHHHB
AHZHX
AIALX
AIEXJ
AIKHN
AITUG
AJBFU
AJOXV
ALMA_UNASSIGNED_HOLDINGS
AMFUW
AMRAJ
AOUOD
ARUGR
ASPBG
AVWKF
AXJTR
AZFZN
BKOJK
BLXMC
CAG
COF
CS3
DM4
DU5
E3Z
EBS
EFBJH
EFLBG
EJD
EO8
EO9
EP2
EP3
FDB
FEDTE
FGOYB
FIRID
FNPLU
FYGXN
G-Q
G8K
GBLVA
GBOLZ
HVGLF
HZ~
H~9
IHE
IXB
J1W
KOM
LG5
LX9
M41
MHUIS
MO0
MVM
N9A
NCXOZ
O-L
O9-
OAUVE
OK1
OZT
P-8
P-9
P2P
PC.
Q38
R2-
RIG
RNS
ROL
RPZ
SDF
SDG
SDP
SES
SEW
SPC
SPCBC
SSV
SSW
SSZ
T5K
TN5
WH7
WUQ
XJT
XPP
ZMT
ZU3
ZY4
~G-
9DU
AATTM
AAXKI
AAYWO
AAYXX
ABDPE
ABWVN
ACLOT
ACRPL
ACVFH
ADCNI
ADNMO
ADVLN
AEIPS
AEUPX
AFJKZ
AFPUW
AGQPQ
AIGII
AIIUN
AKBMS
AKRWK
AKYEP
ANKPU
APXCP
CITATION
EFKBS
~HD
AFXIZ
AGCQF
AGRNS
BNPGV
IQODW
SSH
ID FETCH-LOGICAL-c324t-20dc265db5856fb63d9a2a83bd353a4b45a6a3c489973b0a9606e00eb8f14023
ISICitedReferencesCount 3
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000249570500004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0890-5401
IngestDate Mon Jul 21 09:16:22 EDT 2025
Sat Nov 29 01:56:30 EST 2025
Tue Nov 18 22:35:07 EST 2025
Fri Feb 23 02:25:05 EST 2024
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 9
Keywords Flow-sensitive
Abstract interpretation
Language-based security
Static analysis
Forgetting
Input output
Addition
Abstract machine
Typing
Configuration
Computer theory
Operational semantics
Memory
Iteration
Verification
Instruction
Algorithm
Flow
Stack
Input
Information flow
Environment
Language English
License http://www.elsevier.com/open-access/userlicense/1.0
https://www.elsevier.com/tdm/userlicense/1.0
https://www.elsevier.com/open-access/userlicense/1.0
CC BY 4.0
LinkModel OpenURL
MergedId FETCHMERGED-LOGICAL-c324t-20dc265db5856fb63d9a2a83bd353a4b45a6a3c489973b0a9606e00eb8f14023
OpenAccessLink https://dx.doi.org/10.1016/j.ic.2007.04.002
PageCount 37
ParticipantIDs pascalfrancis_primary_19016384
crossref_citationtrail_10_1016_j_ic_2007_04_002
crossref_primary_10_1016_j_ic_2007_04_002
elsevier_sciencedirect_doi_10_1016_j_ic_2007_04_002
PublicationCentury 2000
PublicationDate 2007-09-01
PublicationDateYYYYMMDD 2007-09-01
PublicationDate_xml – month: 09
  year: 2007
  text: 2007-09-01
  day: 01
PublicationDecade 2000
PublicationPlace San Diego, CA
PublicationPlace_xml – name: San Diego, CA
PublicationTitle Information and computation
PublicationYear 2007
Publisher Elsevier Inc
Elsevier
Publisher_xml – name: Elsevier Inc
– name: Elsevier
References Denning (bib25) 1976; 19
Barbuti, Bernardeschi, De Francesco (bib9) 2004; 47
Zdancewic, Myers (bib46) 2001; vol. 2028
Leroy (bib38) 2003; 30
Barbuti, De Francesco, Santone, Tesei (bib10) 2002; 51
Aho, Sethi, Ullman (bib2) 1986
Lindholm, Yellin (bib39) 1999
S. Zdancewic, A.C. Myers, Secure information flow via linear continuations, Higher Order and Symbolic Computation, 15(2–3), Kluwer Academic Publishers 2002, pp. 209–234.
Andrews, Reitman (bib4) 1980; 2
Joshi, Rustan, Leino (bib34) 2000; 37
Avvenuti, Bernardeschi, De Francesco (bib5) 2003; 38
Sabelfeld, Myers (bib42) 2003; 21
Volpano, Smith, Irvine (bib44) 1996; 4
N.Kobayashi, K. Shirane, Type-based information flow analysis for low-level languages, in: Informal Proceedings of the 3rd Asian Workshop on Programming Languages and Systems (APLAS’02), 2002.
Clark, Hankin, Hunt (bib19) 2002; 28
Leroy (bib37) 2002; 32
Myers (bib41) 1999
Chen (bib18) 2000
D.E. Bell, L.J. La Padula, Secure computer systems: mathematical foundations and model, Technical Report M74-244, MITRE Corporation, Bedford, Massachusetts, 1973.
P. Cousot, R. Cousot, Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints, in: 4th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, Los Angeles, California, 1977, pp. 238–252.
Heintze, Riecke (bib30) 1998
Bernardeschi, De Francesco (bib13) 2002; vol. 2294
Genaim, Spoto (bib27) 2005; vol. 3385
T. Amtoft, S. Bandhakavi, A. Banerjee, A logic for information flow in object-oriented programs, in: J. Gregory Morrisett, Simon L. Peyton Jones (Eds.), Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006, Charleston, South Carolina, USA, January 11–13, 2006, pp. 91–102, ACM, 2006.
Barthe, Rezk (bib11) 2005
Bernardeschi, De Francesco, Lettieri, Martini (bib15) 2004; 34
De Francesco, Santone, Tesei (bib24) 2003; 54
Zanotti (bib45) 2002; vol. 2477
Barbuti, Bernardeschi, De Francesco (bib7) 2002; 83
G.A. Kildall, A unified approach to global program optimization, in: Proceedings of the 1st Annual ACM Symposium on Principles of Programming Languages, Boston, Massachusetts, October 1973, pp. 194–206.
Jones, Nielson (bib33) 1995; vol. 4
Bernardeschi, Lettieri, Martini, Masci (bib16) 2006; 49
Cousot, Cousot (bib21) 1992; 2
Bernardeschi, De Francesco, Lettieri (bib14) 2002; 26
Banâtre, Bryce, Le Métayer (bib6) 1994; vol. 875
S.Hunt, D. Sands, On flow-sensitive security types, in: J. Gregory Morrisett, Simon L. Peyton Jones (Eds.), Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006, Charleston, South Carolina, USA, January 11–13, 2006, ACM, 2006, pp. 79–90.
Barbuti, Bernardeschi, De Francesco (bib8) 2002
Goguen, Meseguer (bib29) 1982
Smith, Volpano (bib43) 1998
Denning, Denning (bib26) 1977; 20
P. Bieber, J. Cazin, P. Girard, J.-L. Lanet, V. Wiels, G. Zanon, Checking secure interactions of smart card applets, in: ESORICS 2000 Proceedings, 2000.
Cousot, Cousot (bib22) 1992
R. Giacobazzi, I. Mastroeni, Abstract non-interference: parameterizing non-interference by abstract interpretation, in: N.D. Jones, X. Leroy (Eds.), Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, (POPL ’04), Venice, Italy, January 14–16, 2004, ACM, January 2004, pp. 186–197.
De Francesco, Martini (bib23) 2006
B. Jacobs, W. Pieters, M. Warnier, Statically checking confidentiality via dynamic labels, in: Workshop on Issues in the Theory of Security proceedings, Long Beach, CA, United States, January 20, 2005, ACM, 2005.
Abadi, Banerjee, Heintze, Riecke (bib1) 1999
Medel, Compagnoni, Bonelli (bib40) 2005; vol. 3701
Barbuti (10.1016/j.ic.2007.04.002_bib8) 2002
Barbuti (10.1016/j.ic.2007.04.002_bib9) 2004; 47
Zanotti (10.1016/j.ic.2007.04.002_bib45) 2002; vol. 2477
Sabelfeld (10.1016/j.ic.2007.04.002_bib42) 2003; 21
Genaim (10.1016/j.ic.2007.04.002_bib27) 2005; vol. 3385
Denning (10.1016/j.ic.2007.04.002_bib26) 1977; 20
Avvenuti (10.1016/j.ic.2007.04.002_bib5) 2003; 38
Abadi (10.1016/j.ic.2007.04.002_bib1) 1999
Chen (10.1016/j.ic.2007.04.002_bib18) 2000
Volpano (10.1016/j.ic.2007.04.002_bib44) 1996; 4
10.1016/j.ic.2007.04.002_bib32
Banâtre (10.1016/j.ic.2007.04.002_bib6) 1994; vol. 875
Lindholm (10.1016/j.ic.2007.04.002_bib39) 1999
10.1016/j.ic.2007.04.002_bib12
10.1016/j.ic.2007.04.002_bib35
10.1016/j.ic.2007.04.002_bib36
Bernardeschi (10.1016/j.ic.2007.04.002_bib15) 2004; 34
10.1016/j.ic.2007.04.002_bib17
Bernardeschi (10.1016/j.ic.2007.04.002_bib13) 2002; vol. 2294
Goguen (10.1016/j.ic.2007.04.002_bib29) 1982
Myers (10.1016/j.ic.2007.04.002_bib41) 1999
Aho (10.1016/j.ic.2007.04.002_bib2) 1986
Cousot (10.1016/j.ic.2007.04.002_bib22) 1992
De Francesco (10.1016/j.ic.2007.04.002_bib23) 2006
10.1016/j.ic.2007.04.002_bib31
Barbuti (10.1016/j.ic.2007.04.002_bib10) 2002; 51
Barthe (10.1016/j.ic.2007.04.002_bib11) 2005
Barbuti (10.1016/j.ic.2007.04.002_bib7) 2002; 83
Clark (10.1016/j.ic.2007.04.002_bib19) 2002; 28
Andrews (10.1016/j.ic.2007.04.002_bib4) 1980; 2
Denning (10.1016/j.ic.2007.04.002_bib25) 1976; 19
Zdancewic (10.1016/j.ic.2007.04.002_bib46) 2001; vol. 2028
De Francesco (10.1016/j.ic.2007.04.002_bib24) 2003; 54
Leroy (10.1016/j.ic.2007.04.002_bib38) 2003; 30
Heintze (10.1016/j.ic.2007.04.002_bib30) 1998
Jones (10.1016/j.ic.2007.04.002_bib33) 1995; vol. 4
Bernardeschi (10.1016/j.ic.2007.04.002_bib14) 2002; 26
Medel (10.1016/j.ic.2007.04.002_bib40) 2005; vol. 3701
10.1016/j.ic.2007.04.002_bib47
Smith (10.1016/j.ic.2007.04.002_bib43) 1998
Leroy (10.1016/j.ic.2007.04.002_bib37) 2002; 32
Cousot (10.1016/j.ic.2007.04.002_bib21) 1992; 2
10.1016/j.ic.2007.04.002_bib28
Bernardeschi (10.1016/j.ic.2007.04.002_bib16) 2006; 49
Joshi (10.1016/j.ic.2007.04.002_bib34) 2000; 37
10.1016/j.ic.2007.04.002_bib3
10.1016/j.ic.2007.04.002_bib20
References_xml – volume: 38
  start-page: 20
  year: 2003
  end-page: 27
  ident: bib5
  article-title: Java bytecode verification for secure information flow
  publication-title: ACM SIGPLAN Notices
– volume: vol. 2028
  start-page: 46
  year: 2001
  end-page: 61
  ident: bib46
  article-title: Secure information flow and CPS
  publication-title: 10th European Symposium on Programming Proceedings
– volume: 32
  start-page: 319
  year: 2002
  end-page: 340
  ident: bib37
  article-title: Bytecode verification for java smart card
  publication-title: Softw. Prac. Exper.
– start-page: 11
  year: 1982
  end-page: 20
  ident: bib29
  article-title: Security policies and security models
  publication-title: IEEE Symposium on Security and Privacy Proceedings
– volume: vol. 4
  start-page: 527
  year: 1995
  end-page: 636
  ident: bib33
  article-title: Abstract interpretation: a semantic based tool for program analysis
  publication-title: Handbook of Logic in Computer Science
– reference: G.A. Kildall, A unified approach to global program optimization, in: Proceedings of the 1st Annual ACM Symposium on Principles of Programming Languages, Boston, Massachusetts, October 1973, pp. 194–206.
– volume: 34
  start-page: 1225
  year: 2004
  end-page: 1255
  ident: bib15
  article-title: Checking secure information flow in java bytecode by code transformation and standard bytecode verification
  publication-title: Softw. Pract. Exper.
– reference: N.Kobayashi, K. Shirane, Type-based information flow analysis for low-level languages, in: Informal Proceedings of the 3rd Asian Workshop on Programming Languages and Systems (APLAS’02), 2002.
– volume: 51
  start-page: 1
  year: 2002
  end-page: 11
  ident: bib10
  article-title: A notion of non-interference for timed automata
  publication-title: Fundam. Inf.
– reference: R. Giacobazzi, I. Mastroeni, Abstract non-interference: parameterizing non-interference by abstract interpretation, in: N.D. Jones, X. Leroy (Eds.), Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, (POPL ’04), Venice, Italy, January 14–16, 2004, ACM, January 2004, pp. 186–197.
– volume: 2
  start-page: 511
  year: 1992
  end-page: 547
  ident: bib21
  article-title: Abstract interpretation frameworks
  publication-title: J. Logic Comp.
– start-page: 147
  year: 1999
  end-page: 160
  ident: bib1
  article-title: A core calculus of dependency
  publication-title: 26th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, January 20–22, 1999, San Antonio, TX
– year: 2000
  ident: bib18
  article-title: Java Card Technology for Smart Cards: Architecture and Programmer’s Guide
– reference: P. Cousot, R. Cousot, Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints, in: 4th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, Los Angeles, California, 1977, pp. 238–252.
– start-page: 228
  year: 1999
  end-page: 241
  ident: bib41
  article-title: Jflow: practical mostly-static information flow control
  publication-title: 26th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, January 20–22, 1999, San Antonio, TX
– start-page: 83
  year: 1992
  end-page: 94
  ident: bib22
  article-title: Inductive definitions, semantics and abstract interpretations
  publication-title: Conference Record of the Nineteenth Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’92), Albuquerque, New Mexico, January 1992
– volume: vol. 3385
  start-page: 346
  year: 2005
  end-page: 362
  ident: bib27
  article-title: Information flow analysis for Java Bytecode
  publication-title: Proceedings of the Sixth International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI’05), Paris, France, January 17–19, 2005
– volume: vol. 3701
  start-page: 360
  year: 2005
  end-page: 374
  ident: bib40
  article-title: A typed assembly language for non-interference
  publication-title: Theoretical Computer Science, 9th Italian Conference, ICTCS 2005, Siena, Italy, October 12–14, 2005, Proceedings
– volume: 54
  start-page: 195
  year: 2003
  end-page: 211
  ident: bib24
  article-title: Abstract interpretation and model checking for checking secure information flow in concurrent systems
  publication-title: Fundam. Inf.
– volume: 28
  start-page: 3
  year: 2002
  end-page: 28
  ident: bib19
  article-title: Information flow for algol-like languages
  publication-title: Comput. Lang. (Special Issue: Computer Languages and Security)
– start-page: 365
  year: 1998
  end-page: 377
  ident: bib30
  article-title: The SLam calculus: programming with secrecy and integrity
  publication-title: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 19-21, 1998
– reference: B. Jacobs, W. Pieters, M. Warnier, Statically checking confidentiality via dynamic labels, in: Workshop on Issues in the Theory of Security proceedings, Long Beach, CA, United States, January 20, 2005, ACM, 2005.
– volume: 30
  start-page: 235
  year: 2003
  end-page: 269
  ident: bib38
  article-title: Java bytecode verification: Algorithms and formalizations
  publication-title: J. Automated Reason.
– volume: vol. 2477
  start-page: 360
  year: 2002
  end-page: 375
  ident: bib45
  article-title: Security typings by abstract interpretation
  publication-title: Static Analysis, 9th International Symposium, SAS 2002, Madrid, Spain, September 17–20, 2002, Proceedings
– volume: 4
  start-page: 167
  year: 1996
  end-page: 187
  ident: bib44
  article-title: A sound type system for secure flow analysis
  publication-title: J. Comput. Secur.
– reference: T. Amtoft, S. Bandhakavi, A. Banerjee, A logic for information flow in object-oriented programs, in: J. Gregory Morrisett, Simon L. Peyton Jones (Eds.), Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006, Charleston, South Carolina, USA, January 11–13, 2006, pp. 91–102, ACM, 2006.
– volume: 83
  start-page: 101
  year: 2002
  end-page: 108
  ident: bib7
  article-title: Abstract interpretation of operational semantics for secure information flow
  publication-title: Inform. Process. Lett.
– volume: 19
  start-page: 236
  year: 1976
  end-page: 243
  ident: bib25
  article-title: A lattice model of secure information flow
  publication-title: Comm. ACM
– reference: S. Zdancewic, A.C. Myers, Secure information flow via linear continuations, Higher Order and Symbolic Computation, 15(2–3), Kluwer Academic Publishers 2002, pp. 209–234.
– volume: 20
  start-page: 504
  year: 1977
  end-page: 513
  ident: bib26
  article-title: Certification of programs for secure information flow
  publication-title: Comm. ACM
– year: 1999
  ident: bib39
  article-title: Java Virtual Machine Specification
– start-page: 229
  year: 2002
  end-page: 236
  ident: bib8
  article-title: Checking security of Java bytecode by abstract interpretation
  publication-title: SAC ’02: Proceedings of the 2002 ACM Symposium on Applied computing, March 10–14, 2002, Madrid, Spain
– volume: 37
  start-page: 113
  year: 2000
  end-page: 138
  ident: bib34
  article-title: A semantic approach to secure information flow
  publication-title: Sci. Comput. Prog.
– year: 1986
  ident: bib2
  article-title: Compilers: Principles, Techniques, and Tools
– volume: 21
  start-page: 5
  year: 2003
  end-page: 19
  ident: bib42
  article-title: Language-based information-flow security
  publication-title: IEEE Journal on Selected Areas in Communications
– volume: 2
  start-page: 56
  year: 1980
  end-page: 76
  ident: bib4
  article-title: An axiomatic approach to information flow in programs
  publication-title: ACM Trans. Program. Lang. Syst.
– volume: vol. 875
  start-page: 55
  year: 1994
  end-page: 73
  ident: bib6
  article-title: Compile-time detection of information flow in sequential programs
  publication-title: Proceedings 3rd European Symposium on Research in Computer Security
– volume: 26
  start-page: 391
  year: 2002
  end-page: 398
  ident: bib14
  article-title: An abstract semantics tool for secure information flow of stack-based assembly programs
  publication-title: Microprocessors Microsyst.
– start-page: 103
  year: 2005
  end-page: 112
  ident: bib11
  article-title: Non-interference for a JVM-like language
  publication-title: TLDI ’05: Proceedings of the 2005 ACM SIGPLAN International Workshop on Types in Languages Design and Implementation
– reference: D.E. Bell, L.J. La Padula, Secure computer systems: mathematical foundations and model, Technical Report M74-244, MITRE Corporation, Bedford, Massachusetts, 1973.
– volume: 49
  start-page: 234
  year: 2006
  end-page: 248
  ident: bib16
  article-title: Using control dependencies for space-aware bytecode verification
  publication-title: Comput. J.
– volume: vol. 2294
  start-page: 1
  year: 2002
  end-page: 15
  ident: bib13
  article-title: Combining abstract interpretation and model checking for analysing security properties of Java bytecode
  publication-title: Third International Workshop on Verification, Model Checking and Abstract Interpretation Proceedings, VMCAI 2002, Venice, January 21–22, 2002, Proceedings
– volume: 47
  start-page: 25
  year: 2004
  end-page: 45
  ident: bib9
  article-title: Analyzing information flow properties in assembly code by abstract interpretation
  publication-title: Comput. J.
– reference: P. Bieber, J. Cazin, P. Girard, J.-L. Lanet, V. Wiels, G. Zanon, Checking secure interactions of smart card applets, in: ESORICS 2000 Proceedings, 2000.
– start-page: 1
  year: 1998
  end-page: 10
  ident: bib43
  article-title: Secure information flow in a multi-threaded imperative language
  publication-title: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 19–21
– reference: S.Hunt, D. Sands, On flow-sensitive security types, in: J. Gregory Morrisett, Simon L. Peyton Jones (Eds.), Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006, Charleston, South Carolina, USA, January 11–13, 2006, ACM, 2006, pp. 79–90.
– start-page: 63
  year: 2006
  end-page: 80
  ident: bib23
  article-title: Abstract interpretation to check secure information flow in programs with input-output security annotations
  publication-title: Formal Aspects in Security and Trust: Third International Workshop, FAST 2005, Newcastle upon Tyne, UK, July 18–19, 2005, Revised Selected Papers
– ident: 10.1016/j.ic.2007.04.002_bib12
– start-page: 83
  year: 1992
  ident: 10.1016/j.ic.2007.04.002_bib22
  article-title: Inductive definitions, semantics and abstract interpretations
– ident: 10.1016/j.ic.2007.04.002_bib32
  doi: 10.1145/1045405.1045411
– start-page: 103
  year: 2005
  ident: 10.1016/j.ic.2007.04.002_bib11
  article-title: Non-interference for a JVM-like language
– volume: 30
  start-page: 235
  issue: 3-4
  year: 2003
  ident: 10.1016/j.ic.2007.04.002_bib38
  article-title: Java bytecode verification: Algorithms and formalizations
  publication-title: J. Automated Reason.
  doi: 10.1023/A:1025055424017
– volume: 49
  start-page: 234
  issue: 2
  year: 2006
  ident: 10.1016/j.ic.2007.04.002_bib16
  article-title: Using control dependencies for space-aware bytecode verification
  publication-title: Comput. J.
  doi: 10.1093/comjnl/bxh161
– start-page: 147
  year: 1999
  ident: 10.1016/j.ic.2007.04.002_bib1
  article-title: A core calculus of dependency
– start-page: 11
  year: 1982
  ident: 10.1016/j.ic.2007.04.002_bib29
  article-title: Security policies and security models
– volume: 47
  start-page: 25
  issue: 1
  year: 2004
  ident: 10.1016/j.ic.2007.04.002_bib9
  article-title: Analyzing information flow properties in assembly code by abstract interpretation
  publication-title: Comput. J.
  doi: 10.1093/comjnl/47.1.25
– volume: 21
  start-page: 5
  issue: 1
  year: 2003
  ident: 10.1016/j.ic.2007.04.002_bib42
  article-title: Language-based information-flow security
  publication-title: IEEE Journal on Selected Areas in Communications
  doi: 10.1109/JSAC.2002.806121
– volume: 26
  start-page: 391
  issue: 8
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib14
  article-title: An abstract semantics tool for secure information flow of stack-based assembly programs
  publication-title: Microprocessors Microsyst.
  doi: 10.1016/S0141-9331(02)00064-9
– volume: 54
  start-page: 195
  issue: 2–3
  year: 2003
  ident: 10.1016/j.ic.2007.04.002_bib24
  article-title: Abstract interpretation and model checking for checking secure information flow in concurrent systems
  publication-title: Fundam. Inf.
– ident: 10.1016/j.ic.2007.04.002_bib28
  doi: 10.1145/964001.964017
– volume: vol. 2028
  start-page: 46
  year: 2001
  ident: 10.1016/j.ic.2007.04.002_bib46
  article-title: Secure information flow and CPS
– volume: 37
  start-page: 113
  issue: 1–3
  year: 2000
  ident: 10.1016/j.ic.2007.04.002_bib34
  article-title: A semantic approach to secure information flow
  publication-title: Sci. Comput. Prog.
  doi: 10.1016/S0167-6423(99)00024-6
– volume: vol. 2477
  start-page: 360
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib45
  article-title: Security typings by abstract interpretation
– volume: 83
  start-page: 101
  issue: 2
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib7
  article-title: Abstract interpretation of operational semantics for secure information flow
  publication-title: Inform. Process. Lett.
  doi: 10.1016/S0020-0190(02)00219-3
– ident: 10.1016/j.ic.2007.04.002_bib20
  doi: 10.1145/512950.512973
– ident: 10.1016/j.ic.2007.04.002_bib3
  doi: 10.1145/1111037.1111046
– volume: vol. 4
  start-page: 527
  year: 1995
  ident: 10.1016/j.ic.2007.04.002_bib33
  article-title: Abstract interpretation: a semantic based tool for program analysis
– volume: 34
  start-page: 1225
  issue: 13
  year: 2004
  ident: 10.1016/j.ic.2007.04.002_bib15
  article-title: Checking secure information flow in java bytecode by code transformation and standard bytecode verification
  publication-title: Softw. Pract. Exper.
  doi: 10.1002/spe.611
– ident: 10.1016/j.ic.2007.04.002_bib17
  doi: 10.1007/10722599_1
– ident: 10.1016/j.ic.2007.04.002_bib31
  doi: 10.1145/1111037.1111045
– volume: vol. 875
  start-page: 55
  year: 1994
  ident: 10.1016/j.ic.2007.04.002_bib6
  article-title: Compile-time detection of information flow in sequential programs
– ident: 10.1016/j.ic.2007.04.002_bib47
  doi: 10.1023/A:1020843229247
– volume: 28
  start-page: 3
  issue: 1
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib19
  article-title: Information flow for algol-like languages
  publication-title: Comput. Lang. (Special Issue: Computer Languages and Security)
– volume: vol. 3385
  start-page: 346
  year: 2005
  ident: 10.1016/j.ic.2007.04.002_bib27
  article-title: Information flow analysis for Java Bytecode
– ident: 10.1016/j.ic.2007.04.002_bib36
– volume: 51
  start-page: 1
  issue: 1
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib10
  article-title: A notion of non-interference for timed automata
  publication-title: Fundam. Inf.
– year: 1986
  ident: 10.1016/j.ic.2007.04.002_bib2
– volume: 2
  start-page: 56
  issue: 1
  year: 1980
  ident: 10.1016/j.ic.2007.04.002_bib4
  article-title: An axiomatic approach to information flow in programs
  publication-title: ACM Trans. Program. Lang. Syst.
  doi: 10.1145/357084.357088
– volume: vol. 2294
  start-page: 1
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib13
  article-title: Combining abstract interpretation and model checking for analysing security properties of Java bytecode
– ident: 10.1016/j.ic.2007.04.002_bib35
  doi: 10.1145/512927.512945
– start-page: 1
  year: 1998
  ident: 10.1016/j.ic.2007.04.002_bib43
  article-title: Secure information flow in a multi-threaded imperative language
– year: 1999
  ident: 10.1016/j.ic.2007.04.002_bib39
– volume: 32
  start-page: 319
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib37
  article-title: Bytecode verification for java smart card
  publication-title: Softw. Prac. Exper.
  doi: 10.1002/spe.438
– volume: 20
  start-page: 504
  issue: 7
  year: 1977
  ident: 10.1016/j.ic.2007.04.002_bib26
  article-title: Certification of programs for secure information flow
  publication-title: Comm. ACM
  doi: 10.1145/359636.359712
– start-page: 63
  year: 2006
  ident: 10.1016/j.ic.2007.04.002_bib23
  article-title: Abstract interpretation to check secure information flow in programs with input-output security annotations
– volume: vol. 3701
  start-page: 360
  year: 2005
  ident: 10.1016/j.ic.2007.04.002_bib40
  article-title: A typed assembly language for non-interference
– year: 2000
  ident: 10.1016/j.ic.2007.04.002_bib18
– volume: 2
  start-page: 511
  year: 1992
  ident: 10.1016/j.ic.2007.04.002_bib21
  article-title: Abstract interpretation frameworks
  publication-title: J. Logic Comp.
  doi: 10.1093/logcom/2.4.511
– start-page: 228
  year: 1999
  ident: 10.1016/j.ic.2007.04.002_bib41
  article-title: Jflow: practical mostly-static information flow control
– volume: 19
  start-page: 236
  issue: 5
  year: 1976
  ident: 10.1016/j.ic.2007.04.002_bib25
  article-title: A lattice model of secure information flow
  publication-title: Comm. ACM
  doi: 10.1145/360051.360056
– volume: 4
  start-page: 167
  issue: 3
  year: 1996
  ident: 10.1016/j.ic.2007.04.002_bib44
  article-title: A sound type system for secure flow analysis
  publication-title: J. Comput. Secur.
  doi: 10.3233/JCS-1996-42-304
– volume: 38
  start-page: 20
  issue: 12
  year: 2003
  ident: 10.1016/j.ic.2007.04.002_bib5
  article-title: Java bytecode verification for secure information flow
  publication-title: ACM SIGPLAN Notices
  doi: 10.1145/966051.966055
– start-page: 229
  year: 2002
  ident: 10.1016/j.ic.2007.04.002_bib8
  article-title: Checking security of Java bytecode by abstract interpretation
– start-page: 365
  year: 1998
  ident: 10.1016/j.ic.2007.04.002_bib30
  article-title: The SLam calculus: programming with secrecy and integrity
SSID ssj0011546
Score 1.792415
Snippet We propose a method to analyze secure information flow in stack-based assembly languages, communicating with the external environment by means of input and...
SourceID pascalfrancis
crossref
elsevier
SourceType Index Database
Enrichment Source
Publisher
StartPage 1334
SubjectTerms Abstract interpretation
Algorithmics. Computability. Computer arithmetics
Applied sciences
Combinatorics
Combinatorics. Ordered structures
Computer science; control theory; systems
Designs and configurations
Exact sciences and technology
Flow-sensitive
Language theory and syntactical analysis
Language-based security
Mathematics
Miscellaneous
Sciences and techniques of general use
Static analysis
Theoretical computing
Title Instruction-level security analysis for information flow in stack-based assembly languages
URI https://dx.doi.org/10.1016/j.ic.2007.04.002
Volume 205
WOSCitedRecordID wos000249570500004&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVESC
  databaseName: Elsevier SD Freedom Collection Journals 2021
  customDbUrl:
  eissn: 1090-2651
  dateEnd: 20171231
  omitProxy: false
  ssIdentifier: ssj0011546
  issn: 0890-5401
  databaseCode: AIEXJ
  dateStart: 19950101
  isFulltext: true
  titleUrlDefault: https://www.sciencedirect.com
  providerName: Elsevier
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV3NT9swFLcG7ABC--BDgwHygctUZUti5-uIoBOZREFaDxWXyHYcqaWEaikb_Pc8N7brggbjsEvUPsVNlffz-_Z7CB0mflXFjEmPgQPkUU64l0aMqUxhwETAVYul2bCJpNdLB4PsQmfwm9k4gaSu07u7bPJfWQ00YLY6OvsKdtsfBQJ8BqbDFdgO139ifD7vCeuNVUlQp9Ez6jrMdCCpZlXo9uBipxrf_FGRDzAVxZWnNFvZAataXvPxvQ1pNq4hmzur9dG4ye1iWv-k29YBdn8en1vQyenUKoIzMKbzXj4LDdzqkiETgEhshZWOimkV7gquzFcFF4ErZUM_cuCUOTITQEId_RuQdpLIE9nehhlGX4em86Tqex7O9ZjJ3T9Sb7boUJk-IG3oEloJkygDKb5ylHcHP2zSKdDnuszf11ntthxw8al_s2LWJ6yBvVW1Q1EcS6X_Ab3TLgY-aqHxEb2R9QZ6r90NrIV5AyQz0cPQNtCa054Svp3Znr7NJrp8AixsgIUNsDCAAjvAwgpYQMAOsLABFrbA2kL9793-8amnJ3N4AgzwKey3UoRxVHJwNuOKx6TMWMhSwksSEUY5jVjMiKDgzCeE-0y5ydL3JU8rcOhDso2W65tafkIYCH5JY0YTofpElaxMiZTgNVTw2iUnO-ibedGF0F3r1fCUcWHKE0fFUKhhqknh0wJYs4O-2BWTtmPLM_cSw7tCW5ytJVkA6J5ZdbDA5vljNMJ2X7rhM1qd76Q9tAzck_vorfg9HTa_DjQuHwCFs6qK
linkProvider Elsevier
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Instruction-level+security+analysis+for+information+flow+in+stack-based+assembly+languages&rft.jtitle=Information+and+computation&rft.au=DE+FRANCESCO%2C+Nicoletta&rft.au=MARTINI%2C+Luca&rft.date=2007-09-01&rft.pub=Elsevier&rft.issn=0890-5401&rft.volume=205&rft.issue=9&rft.spage=1334&rft.epage=1370&rft_id=info:doi/10.1016%2Fj.ic.2007.04.002&rft.externalDBID=n%2Fa&rft.externalDocID=19016384
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0890-5401&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0890-5401&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0890-5401&client=summon