Skip to main content
Conference ProceedingsOPEN ACCESS

Static enforcement of security in runtime systems

Proceedings - IEEE Computer Security Foundations Symposium (2019) 2019-June 335-350
DOI: 10.1109/CSF.2019.00030
3Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Underneath every modern programming language is a runtime environment (RTE) that handles features such as automatic memory management and thread scheduling. In the information-flow control (IFC) literature, the RTE is often part of the trusted computing base (TCB), and there has been little focus on applying IFC to the implementation of the RTE itself. In this paper we address this problem by designing an IFC language, Zee, for implementing secure RTEs, thereby removing the RTE from the TCB. We implement Zee and design and implement secure versions of garbage collectors and thread schedulers using Zee. We also prove that a faithful calculus of Zee satisfies a strong variant of timing-sensitive noninterference.

Author supplied keywords

References Powered by Scopus

Certification of Programs for Secure Information Flow

Communications of the ACM
775Citations
N/AReaders
Get full text

Sound type system for secure flow analysis

Journal of Computer Security
738Citations
N/AReaders
Get full text

Region-Based Memory Management

Information and Computation
431Citations
N/AReaders
Get full text
View more at Scopus

Cited by Powered by Scopus

Securing Asynchronous Exceptions

Proceedings - IEEE Computer Security Foundations Symposium
1Citations
N/AReaders
Get full text

Tail Victims in Termination Timing Channel Defenses Beyond Cryptographic Kernels

Proceedings - 2024 International Symposium on Secure and Private Execution Environment Design, SEED 2024
0Citations
N/AReaders
Get full text

Metadata Privacy Beyond Tunneling for Instant Messaging

Proceedings - 9th IEEE European Symposium on Security and Privacy, Euro S and P 2024
0Citations
N/AReaders
Get full text
View more at Scopus

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Cite

CITATION STYLE

APA

Vorreiter Pedersen, M., & Askarov, A. (2019). Static enforcement of security in runtime systems. In Proceedings - IEEE Computer Security Foundations Symposium (Vol. 2019-June, pp. 335–350). IEEE Computer Society. https://doi.org/10.1109/CSF.2019.00030

Readers' Seniority

Tooltip

PhD / Post grad / Masters / Doc 3

60%

Researcher 2

40%

Readers' Discipline

Tooltip

Computer Science 3

60%

Physics and Astronomy 1

20%

Engineering 1

20%

Save time finding and organizing research with Mendeley

Sign up for free