摘要: Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important policies such as confidentiality. An confidentiality policy might assert secret input data cannot be inferred by an attacker through attacker's observations output; this regulates information flow. Conventional mechanisms access control and encryption directly address enforcement information-flow policies. Previously, promising new approach has been developed: use programming-language techniques for specifying enforcing In paper, we survey past three decades research on security, particularly focusing work uses static program analysis to enforce We give structured view in area identify some open challenges.
acm.org
chalmers.se 
utdallas.edu 
utd.edu 参考文章(143)
Eric A. Brewer, David A. Wagner, Static analysis and computer security: new techniques for software assurance University of California, Berkeley. ,(2000)
Roberto Gorrieri, Riccardo Focardi, Foundations of Security Analysis and Design - Tutorial Lectures Lecture Notes in Computer Science. ,vol. 2171, ,(2001)
Paul C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems international cryptology conference. ,vol. 1109, pp. 104- 113 ,(1996) , 10.1007/3-540-68697-5_9
David Sands, Johan Agat, On Confidentiality and Algorithms ieee symposium on security and privacy. pp. 64- 77 ,(2001)
Andrei Sabelfeld, The Impact of Synchronisation on Secure Information Flow in Concurrent Programs international andrei ershov memorial conference on perspectives of system informatics. pp. 225- 239 ,(2001) , 10.1007/3-540-45575-2_22
Chiara Bodei, Pierpaolo Degano, Flemming Nielson, Hanne Riis Nielson, Static Analysis of Processes for No and Read-Up nad No Write-Down foundations of software science and computation structure. ,vol. 1578, pp. 120- 134 ,(1999) , 10.1007/3-540-49019-1_9
Peter Sewell, Jan Vitek, Secure composition of untrusted code: box π, wrappers, and causality types Journal of Computer Security. ,vol. 11, pp. 135- 187 ,(2003) , 10.3233/JCS-2003-11202
P. Sewell, J. Vitek, Secure composition of untrusted code: wrappers and causality types ieee computer security foundations symposium. pp. 269- 284 ,(2000) , 10.1109/CSFW.2000.856943
Dorothy Elizabeth Robling Denning, Cryptography and data security ,(1982)
Riccardo Focardi, Roberto Gorrieri, A Classification of Security Properties for Process Algebras Journal of Computer Security. ,vol. 3, pp. 5- 33 ,(1995) , 10.3233/JCS-1994/1995-3103