Information Flow Control-by-Construction for an Object-Oriented Language

dc.contributor.author: Runge, Tobias (en)
dc.contributor.author: Kittelmann, Alexander (en)
dc.contributor.author: Servetto, Marco (en)
dc.contributor.author: Potanin, Alex (en)
dc.contributor.author: Schaefer, Ina (en)
dc.coverage.spatial: Cham (en)
dc.date.accessioned: 2026-03-02T22:40:25Z
dc.date.available: 2026-03-02T22:40:25Z
dc.date.issued: 2022-10-01 (en)
dc.description.abstract: In security-critical software applications, confidential information must be prevented from leaking to unauthorized sinks. Static analysis techniques are widespread to enforce a secure information flow by checking a program after construction. A drawback of these systems is that incomplete programs during construction cannot be checked properly. The user is not guided to a secure program by most systems. We introduce IFbCOO, an approach that guides users incrementally to a secure implementation by using refinement rules. In each refinement step, confidentiality or integrity (or both) is guaranteed alongside the functional correctness of the program, such that insecure programs are declined by construction. In this work, we formalize IFbCOO and prove soundness of the refinement rules. We implement IFbCOO in the tool CorC and conduct a feasibility study by successfully implementing case studies. (en)
dc.description.sponsorship: This work was supported by KASTEL Security Research Labs. (en)
dc.description.status: Peer-reviewed (en)
dc.format.extent: 18 (en)
dc.identifier.isbn: 978-3-031-17107-9 (en)
dc.identifier.isbn: 978-3-031-17108-6 (en)
dc.identifier.issn: 0302-9743 (en)
dc.identifier.other: dblp:conf/sefm/RungeKSPS22 (en)
dc.identifier.other: ORCID:/0000-0002-4242-2725/work/206894450 (en)
dc.identifier.scopus: 85140434158 (en)
dc.identifier.uri: https://hdl.handle.net/1885/733807000
dc.language.iso: en (en)
dc.publisher: Springer Science+Business Media B.V. (en)
dc.relation.ispartof: Software Engineering and Formal Methods - 20th International Conference, SEFM 2022, Proceedings (en)
dc.relation.ispartofseries: 20th International Conference on Software Engineering and Formal Methods, SEFM 2022 (en)
dc.relation.ispartofseries: Lecture Notes in Computer Science (en)
dc.rights: Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG. (en)
dc.subject: Correctness-by-construction (en)
dc.subject: Information flow control (en)
dc.subject: Security-by-design (en)
dc.title: Information Flow Control-by-Construction for an Object-Oriented Language (en)
dc.type: Conference paper (en)
dspace.entity.type: Publication (en)
local.bibliographicCitation.lastpage: 226 (en)
local.bibliographicCitation.startpage: 209 (en)
local.contributor.affiliation: Runge, Tobias; Technical University of Braunschweig (en)
local.contributor.affiliation: Kittelmann, Alexander; Technical University of Braunschweig (en)
local.contributor.affiliation: Servetto, Marco; Victoria University of Wellington (en)
local.contributor.affiliation: Potanin, Alex; School of Computing, ANU College of Systems and Society, The Australian National University (en)
local.contributor.affiliation: Schaefer, Ina; Technical University of Braunschweig (en)
local.identifier.ariespublication: a383154xPUB37170 (en)
local.identifier.doi: 10.1007/978-3-031-17108-6_13 (en)
local.identifier.essn: 1611-3349 (en)
local.identifier.pure: 74403f90-3d1e-4a8b-87e9-f711ed11ff1c (en)
local.identifier.url: https://www.scopus.com/pages/publications/85140434158 (en)
local.type.status: Published (en)