Are computing systems trustworthy? To answer this, we need to know three things: what the systems are supposed to do, what they are not supposed to do, and what they actually do. A...
We address the programmatic realization of the access control model of security in distributed systems. Our aim is e the gap between abstract/declarative policies and their concre...
Andrew Cirillo, Radha Jagadeesan, Corin Pitcher, J...
Noninterference requires that public outputs of a program must be completely independent from secrets. While this ensures that secrets cannot be leaked, it is too restrictive for m...
We enforce information flow policies in programs that run at multiple locations, with diverse levels of security. We build a compiler from a small imperative language with locali...
This paper provides a way to specify expressive declassification policies, in particular, when, what, and where policies that include conditions under which downgrading is allowed...
Anindya Banerjee, David A. Naumann, Stan Rosenberg