Transformational typing and unification for automatically correcting insecure programs
Publication Type
Journal Article
Date Issued
2007-03-02
Language
English
Author(s)
Mantel, Heiko
Volume
6
Issue
2/3
Start Page
107
End Page
131
Citation
International Journal of Information Security 6 (2/3): 107-131 (2007-03-02)
Publisher DOI
Scopus ID
Publisher
Springer
Before starting a rigorous security analysis of a given software system, the most likely outcome is often already clear, namely that the system is not entirely secure. Modifying a program such that it passes the analysis is a difficult problem and usually left entirely to the programmer. In this article, we show that and how unification can be used to compute such program transformations. This opens a new perspective on the problem of correcting insecure programs. We also demonstrate that integrating our approach into an existing transforming type system can improve the precision of the analysis and the quality of the resulting programs.
Subjects
Information flow control
Language-based security
Security type system
Unification
DDC Class
004: Computer science