Underneath every modern programming language is a runtime environment (RTE) that handles features such as automatic memory management and thread scheduling. In the information-flow control (IFC) literature, the RTE is often part of the trusted computing base (TCB), and there has been little focus on applying IFC to the implementation of the RTE itself. In this paper we address this problem by designing an IFC language, Zee, for implementing secure RTEs, thereby removing the RTE from the TCB. We implement Zee and design and implement secure versions of garbage collectors and thread schedulers using Zee. We also prove that a faithful calculus of Zee satisfies a strong variant of timing-sensitive noninterference.
Vorreiter Pedersen, M., & Askarov, A. (2019). Static enforcement of security in runtime systems. In Proceedings - IEEE Computer Security Foundations Symposium (Vol. 2019-June, pp. 335–350). IEEE Computer Society. https://doi.org/10.1109/CSF.2019.00030