Zobrazeno 1 - 10
of 29
pro vyhledávání: '"Aslan Askarov"'
Autor:
Aslan Askarov, Andrew Myers
Publikováno v:
Logical Methods in Computer Science, Vol Volume 7, Issue 3 (2011)
Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mech
Externí odkaz:
https://doaj.org/article/b36c1f8f5ae544f8947c039efbd8fb5e
Publikováno v:
EuroS&P
Ahmadpanah, M M, Askarov, A & Sabelfeld, A 2021, Nontransitive policies transpiled . in 2021 IEEE European Symposium on Security and Privacy (EuroS &P) . IEEE, pp. 543-561, 6th IEEE European Symposium on Security and Privacy, Virtual, Online, Austria, 06/09/2021 . https://doi.org/10.1109/EuroSP51992.2021.00043
Ahmadpanah, M M, Askarov, A & Sabelfeld, A 2021, Nontransitive policies transpiled . in 2021 IEEE European Symposium on Security and Privacy (EuroS &P) . IEEE, pp. 543-561, 6th IEEE European Symposium on Security and Privacy, Virtual, Online, Austria, 06/09/2021 . https://doi.org/10.1109/EuroSP51992.2021.00043
Nontransitive Noninterference (NTNI) and Nontransitive Types (NTT) are a new security condition and enforcement for policies which, in contrast to Denning's classical lattice model, assume no transitivity of the underlying flow relation. Nontransitiv
Publikováno v:
Blaabjerg, J F & Askarov, A 2021, ' Towards Language-Based Mitigation of Traffic Analysis Attacks ', Paper presented at 34th IEEE Computer Security Foundations Symposium, Online, United States, 21/06/2021-24/06/2021 .
CSF
CSF
Traffic analysis attacks pose a major risk for online security. Distinctive patterns in communication act as fingerprints, enabling adversaries to de-anonymise communicating parties or to infer sensitive information. Despite the attacks being known f
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=doi_dedup___::74ffb9d1ac90df7a6864f8ba672ebe08
https://pure.au.dk/ws/files/223915849/selene.pdf
https://pure.au.dk/ws/files/223915849/selene.pdf
Autor:
Johan Bay, Aslan Askarov
Publikováno v:
Bay, J & Askarov, A 2020, Reconciling progress-insensitive noninterference and declassification . in 2020 IEEE 33rd Computer Security Foundations Symposium (CSF) . IEEE, Proceedings-IEEE Computer Security Foundations Symposium, vol. 2020-June, pp. 95-106, 33rd IEEE Computer Security Foundations Symposium, CSF 2020, Virtual, Online, United States, 22/06/2020 . https://doi.org/10.1109/CSF49147.2020.00015
CSF
CSF
Practitioners of secure information flow often face a design challenge: what is the right semantic treatment of leaks via termination? On the one hand, the potential harm of untrusted code calls for strong progress-sensitive security. On the other ha
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=doi_dedup___::22c07bf456a342f64640ae4b941cbf0a
Publikováno v:
Lecture Notes in Computer Science ISBN: 9783030171377
POST
POST
Safely integrating third-party code in applications while protecting the confidentiality of information is a long-standing problem. Pure functional programming languages, like Haskell, make it possible to enforce lightweight information-flow control
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=doi_________::0c6a8d4d1a6c90549fee6b832b5ec3aa
https://doi.org/10.1007/978-3-030-17138-4_3
https://doi.org/10.1007/978-3-030-17138-4_3
Publikováno v:
Pedersen, M & Askarov, A 2019, Static Enforcement of Security in Runtime Systems . in Proceedings-2019 IEEE 32nd Computer Security Foundations Symposium, CSF 2019 ., 8823712, IEEE, pp. 335-350, 2019 IEEE 32nd Computer Security Foundations Symposium (CSF), Hoboken, United States, 25/06/2019 . https://doi.org/10.1109/CSF.2019.00030
CSF
CSF
Underneath every modern programming language is a runtime environment (RTE) that handles features such as automatic memory management and thread scheduling. In the information-flow control (IFC) literature, the RTE is often part of the trusted comput
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=doi_dedup___::17bb97ea963d282bc21862005fcf8e54
https://pure.au.dk/ws/files/160409872/Zee_paper.pdf
https://pure.au.dk/ws/files/160409872/Zee_paper.pdf
This book constitutes the refereed proceedings of the 24th Nordic Conference on Secure IT Systems, NordSec 2019, held in Aalborg, Denmark, in November 2019. The 17 full papers presented in this volume were carefully reviewed and selected from 32 subm
Publikováno v:
Lecture Notes in Computer Science ISBN: 9783319897219
POST
POST
Reasoning about information flow in a concurrent setting is notoriously difficult due in part to timing channels that may leak sensitive information. In this paper, we present a compositional and flexible type-and-effect system that guarantees non-in
Externí odkaz:
https://explore.openaire.eu/search/publication?articleId=doi_________::dea08aa91ef6755b5521541d9144a8bf
https://doi.org/10.1007/978-3-319-89722-6_3
https://doi.org/10.1007/978-3-319-89722-6_3
Publikováno v:
IEEE Symposium on Security and Privacy
Pedersen, M V & Askarov, A 2017, From Trash to Treasure : Timing-Sensitive Garbage Collection . in 2017 IEEE Symposium on Security and Privacy, SP 2017-Proceedings ., 7958605, IEEE Computer Society Press, pp. 693-709, 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, United States, 22/05/2017 . https://doi.org/10.1109/SP.2017.64
Pedersen, M V & Askarov, A 2017, From Trash to Treasure : Timing-Sensitive Garbage Collection . in 2017 IEEE Symposium on Security and Privacy, SP 2017-Proceedings ., 7958605, IEEE Computer Society Press, pp. 693-709, 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, United States, 22/05/2017 . https://doi.org/10.1109/SP.2017.64
This paper studies information flows via timing channels in the presence ofautomatic memory management. We construct a series of example attacks thatillustrate that garbage collectors form a shared resource that can be used toreliably leak sensitive
Publikováno v:
PLDI
We propose a new language-based approach to mitigating timing channels. In this language, well-typed programs provably leak only a bounded amount of information over time through external timing channels. By incorporating mechanisms for predictive mi