TY - GEN
T1 - Jifclipse
T2 - PLAS'07 - 2007 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
AU - Hicks, Boniface
AU - King, Dave
AU - McDaniel, Patrick
PY - 2007
Y1 - 2007
N2 - Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information leaks is a critical task in security-typed language application development. Unfortunately, because information flows can be quite subtle, simple error messages tend to be insufficient for finding and resolving the source of information leaks; more sophisticated development tools are needed for this task. To this end we provide a set of principles to guide the development of such tools. Furthermore, we implement a subset of these principles in an integrated development environment (IDE) for Jif, called Jifclipse, which is built on the Eclipse extensible development platform. Our plug-in provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. Better development tools are essential for making security-typed application development practical; Jifclipse is a first step in this process.
AB - Security-typed languages such as Jif require the programmer to label variables with information flow security policies as part of application development. The compiler then flags errors wherever information leaks may occur. Resolving these information leaks is a critical task in security-typed language application development. Unfortunately, because information flows can be quite subtle, simple error messages tend to be insufficient for finding and resolving the source of information leaks; more sophisticated development tools are needed for this task. To this end we provide a set of principles to guide the development of such tools. Furthermore, we implement a subset of these principles in an integrated development environment (IDE) for Jif, called Jifclipse, which is built on the Eclipse extensible development platform. Our plug-in provides a Jif programmer with additional tools to view hidden information generated by a Jif compilation, to suggest fixes for errors, and to get more specific information behind an error message. Better development tools are essential for making security-typed application development practical; Jifclipse is a first step in this process.
UR - http://www.scopus.com/inward/record.url?scp=36448948266&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=36448948266&partnerID=8YFLogxK
U2 - 10.1145/1255329.1255331
DO - 10.1145/1255329.1255331
M3 - Conference contribution
AN - SCOPUS:36448948266
SN - 1595937110
SN - 9781595937117
T3 - PLAS'07 - Proceedings of the 2007 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
SP - 1
EP - 10
BT - PLAS'07 - Proceedings of the 2007 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Y2 - 14 June 2007 through 14 June 2007
ER -