| dc.contributor.advisor | Adam Chlipala. | en_US |
| dc.contributor.author | Shao, Christopher,M. Eng.Massachusetts Institute of Technology. | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. | en_US |
| dc.date.accessioned | 2019-12-05T18:05:54Z | |
| dc.date.available | 2019-12-05T18:05:54Z | |
| dc.date.copyright | 2019 | en_US |
| dc.date.issued | 2019 | en_US |
| dc.identifier.uri | https://hdl.handle.net/1721.1/123144 | |
| dc.description | This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. | en_US |
| dc.description | Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019 | en_US |
| dc.description | Cataloged from student-submitted PDF version of thesis. | en_US |
| dc.description | Includes bibliographical references (pages 59-60). | en_US |
| dc.description.abstract | One challenge of building software applications that handle sensitive information is ensuring that they meet certain security and privacy policies, which guide how the application should be written in order to satisfy particular security properties. Common examples of security policies include information-flow control and access control. In complex applications, which can be composed of many stateful components, it is hard to reason about all possible interactions and check that a policy is satisfied in every case. In this thesis, we present work on a new static-analysis framework in the Coq proof assistant to verify that implementations of applications meet their specified security policies, using proofs of indistinguishability of labeled transition systems. The primary goal of our framework is to be applicable to a wide variety of applications and policies, moreso than existing analysis tools. In addition to a formalization of applications and policies, we discuss some theorems to reduce manual proof effort and enable modular development. Finally, we apply our framework to some simple examples. | en_US |
| dc.description.statementofresponsibility | by Christopher Shao. | en_US |
| dc.format.extent | 60 pages | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Electrical Engineering and Computer Science. | en_US |
| dc.title | A framework for specifying and formally verifying application security policies | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | M. Eng. | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.identifier.oclc | 1128823765 | en_US |
| dc.description.collection | M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science | en_US |
| dspace.imported | 2019-12-05T18:05:53Z | en_US |
| mit.thesis.degree | Master | en_US |
| mit.thesis.department | EECS | en_US |
