Towards a Type System for Security APIs

Free registration required

Executive Summary

Security API analysis typically only considers a subset of an API's functions, with results bounded by the number of function calls. Furthermore, attacks involving partial leakage of sensitive information are usually not covered. Type-based static analysis has the potential to alleviate these shortcomings. To that end, the authors present a type system for secure information flow based upon the one of Volpano, Smith and Irvine, extended with types for cryptographic keys and cipher-text similar to those in Sumii and Pierce. In contrast to some other type systems, the encryption and decryption of keys does not require special treatment.

  • Format: PDF
  • Size: 143.29 KB