Security proportional to effort.
The Accrue project aims to provide language-based information security guarantees that are proportional to programmer effort. With little effort, a programmer may receive only weak (but, ideally, formal) guarantees; with more effort, a programmer should receive stronger guarantees.
Software
The Accrue Interprocedural Java Analysis Framework (Accrue) is a framework for interprocedural analysis of Java programs. It is built using the Polyglot extensible compiler framework, and is also suitable for interprocedural analysis of programs written in Java language extensions implemented with Polyglot. We developed Accrue to enable inference and discovery of strong information security guarantees in Java programs.
- Version 0.3, released June 2014: accrue-v0.3.zip
- PLDI 2014 tutorial slides and exercises
Pidgin is a program analysis and understanding tool that enables the specification and enforcement of precise application-specific information security guarantees. Pidgin combines program-dependence graphs (PDGs), which precisely capture the information flows in a whole application, with a custom PDG query language. Queries express properties about the paths in the PDG; because paths in the PDG correspond to information flows in the application, queries can be used to specify global security policies.
- Version 2015-11-23, released November 2015: pidgin-2015-11-23.zip
AbcDatalog is an open-source Datalog engine implemented in Java. It provides ready-to-use implementations of common Datalog evaluation algorithms, including efficient multi-threaded versions of bottom-up and magic set transformation techniques. See the AbcDatalog web page for more details.
People
- Owen Arden (post doc)
- Stephen Chong (PI)
- Anitha Gollamudi
- Scott Moore
- Alums
- Jo Booth (undergrad)
- Ling-ya Chao (undergrad)
- Hannah Gommerstadt (undergrad)
- Andrew Johnson
- Dan King
- Louis Li (undergrad)
- Frank Moda III (masters)
- Stefan Muller (undergrad)
- Ramya Rangan (undergrad)
- Jeff Vaughan (postdoc)
Publications
- Automatic Enforcement of Expressive Security Policies using Enclaves
.
Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), October 2016.
[ Abstract | PDF | Technical Report | BibTeX ] - Automatic Enforcement of Expressive Security Policies using Enclaves
.
Harvard University Technical Report TR-02-16, 2016.
[ DASH | BibTeX ] - Precise, Dynamic Information Flow for Database-Backed Applications
.
Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2016.
[ Abstract | PDF | BibTeX ] - Correct Audit Logging: Theory and Practice
.
5th International Conference on Principles of Security and Trust (POST), April 2016.
[ Abstract | PDF | BibTeX ] - Using Architecture to Reason about Information Security
.
ACM Transactions on Information and System Security 18(2), December 2015.
[ Abstract | ACM DL | BibTeX ] - It’s My Privilege: Controlling Downgrading in DC-Labels
.
Proceedings of the 11th International Workshop on Security and Trust Management (STM), September 2015.
[ Abstract | PDF | BibTeX ] - Hybrid Monitors for Concurrent Noninterference
.
Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF), July 2015.
[ Abstract | PDF | Technical Report | BibTeX ] - Global and Local Monitors to Enforce Noninterference in Concurrent Programs
.
Harvard University Technical Report TR-02-15, 2015.
[ Abstract | PDF | BibTeX ] - Cryptographic Enforcement of Language-Based Erasure
.
Proceedings of the 28th IEEE Computer Security Foundations Symposium (CSF), July 2015.
[ Abstract | PDF | GitHub | BibTeX ] - Exploring and Enforcing Security Guarantees via Program Dependence Graphs
.
Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 291–302, June 2015.
[ Abstract | PDF | Video abstract | Software | BibTeX ] - Declarative Policies for Capability Control
.
Proceedings of the 27th IEEE Computer Security Foundations Symposium (CSF), June 2014.
[ Abstract | PDF | BibTeX ] - Enforcing Language Semantics Using Proof-Carrying Data
.
August 2013.
http://eprint.iacr.org/2013/513
[ Abstract | IACR ePrint Archive | BibTeX ] - Asynchronous Functional Reactive Programming for GUIs
.
Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 411–422, June 2013.
[ Abstract | Elm web site | PDF | BibTeX ] - Towards Fully Automatic Placement of Security Sanitizers and Declassifiers
.
Proceedings of the 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 385–398, January 2013.
[ Abstract | PDF | BibTeX ] - Using architecture to reason about information security
.
Proceedings of the 6th Layered Assurance Workshop (LAW), pages 1–11, 2012.
[ Abstract | BibTeX ] - Required Information Release
.
Journal of Computer Security 20(6):637–676, 2012.
[ Abstract | IOS Press | BibTeX ] - Towards a Practical Secure Concurrent Language
.
Proceedings of the 25th Annual ACM SIGPLAN Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications (OOPSLA), pages 57–74, October 2012.
[ Abstract | PDF | Technical Report | BibTeX ] - Precise Enforcement of Progress-Sensitive Security
.
Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), pages 881–893, October 2012.
Errata: This PDF corrects a typo in the typing rule for While that is present in the archival CCS version of the paper.
[ Abstract | PDF | BibTeX ] - Learning is Change in Knowledge: Knowledge-based Security for Dynamic Policies
.
Proceedings of the 25th IEEE Computer Security Foundations Symposium (CSF), pages 308–322, June 2012.
[ Abstract | PDF | Technical Report | BibTeX ] - Inference of Expressive Declassification Policies
.
Proceedings of the 2011 IEEE Symposium on Security and Privacy (Oakland), pages 180–195, May 2011.
[ Abstract | PDF | BibTeX ]
Acknowledgments
This material is based upon work supported by the National Science Foundation under Grant No. 1054172. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.