Security
Our projects in security are broadly focussed in two directions. The
first direction is on exploring model checking based techniques for
analyzing access control policies and for verifying security
properties of programs. The second direction is towards developing
program transformation techniques for preventing leakage of
confidential information.
-
DEICS: Data Erasure In Concurrent Software (with
K. Gondi and V. N. Venkatakrishnan), The 19th Nordic Conference on Secure IT Systems (NordSec 2014),Tromso,Norway, October 15-17, 2014.
-
WEBLOG:A Declarative Language for Secure Web Development
(with T. Hinrichs, D. Rosetti, G. Petronella,
V. Venkatakrishnan and L. Zuck), ACM SIGPLAN Eighth Workshop on
Programming Languages and Analysis for Security (PLAS), June 2013, Seattle, Washington.
-
SWIPE: Eager Erasure of Sensitive Data in Large scale Systems
Software (with K. Gondi, P. Bisht, P. Venkatachari and
V. N. Venkatakrishnan),Second ACM Conference on Data and Application Security and Privacy (CODASPY 012), pp 295-306, Feb 7-9, 2012, San Antonio, TX.
-
TAPS: Automatically Preparing Safe SQL Queries (with Prithvi Bisht and V.N. Venkatakrishnan), ACM Conference on Computer and Communication Security 2010 (CCS'2010), October, Chicago, Illinois (Demo paper).
-
Automatically Preparing Safe SQL Queries (with Prithvi Bisht and V.N. Venkatakrishnan), Fourteenth International Conference on Financial Cryptography and Data Security’10, Tenerife, Canary Islands, Spain, January 2010.
-
CMV: Automatic Verification of Complete Mediation for Java Virtual Machines (with V. N. Venkatakrishnan, M. Zhou, H. Branske),ACM Symposium on Information, Computer and Communication Security (ASIACCS'08), Tokyo 18-20 March 2008.
-
Preventing Information Leaks Through Shadow executions (with R. Capizzi, A. Longo and V. N. Venkatakrishnan), Annual Computer Security
Applications Conference (ACSAC 2008), Annaheim, California, December 2008.
-
Analysis of Dynamic Policies (with Min Zhou) FCS-ARSPA'06, Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis, Seattle, August 15-16, 2006.
-
Analysis of Dynamic Policies (with M. Zhou), Information and Computation, Vol. 206/2-4, pp 185-212.
-
Language based Policy Analysis in a SPKI Trust Management System (with Arun Eamani) Fourth PKI Annual R&D Workshop: Multiple Paths to Trust, NIST Gaithersburg, Maryland, April 2005.
- Language based Policy Analysis in SPKI Trust Management Systems (with A. Eamani),Journal of Computer Security Volume 14, Number 4(2006), pp 327-357.