This paper deals with the problem of protecting the confidentiality of data manipulated by sequential programs. In this context, secure information flow refers to the guarantee that program executions are free of unauthorized flows of secret information into public channels. There are two established means to enforce information flow policies: static analyses, which are performed at compile time and guarantee that all program executions are free of unauthorized flows; and runtime monitoring, which dynamically detects and neutralizes invalid flows for the current run. Both approaches have their advantages and disadvantages. The main disadvantage of static information flow control (IFC) is that it does not differentiate between secure and insecure executions of the same program; therefore whole programs are rejected in the presence of possible invalid flows. By contrast, dynamic IFC rejects insecure executions only. This precision comes at the price of the execution overhead imposed by dynamic tracking of information flow. This work presents secure slicing, a technique that statically transforms possibly insecure (interfering) programs into secure (non-interfering) ones. Our approach combines static analysis of information flow and program transformation: if invalid flows are detected, instead of rejecting the whole program, we transform it to eliminate the invalid flows. This way, we alleviate drawbacks of both the static and the dynamic approaches: we neither reject whole programs nor impose run-time overhead. The resulting program can be seen as a secure slice of the source program that can be executed without risk of information leaks. In this work we also show that secure slices can be computed for programs that intentionally release secret information, and that the technique can be applied to real programming languages such as Java.
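The following is an added illustration of the idea in the abstract, not code from the paper: a toy secure slicer over the data-dependence graph of a straight-line program. The program syntax (`x = secret()`, `x = public()`, `x = declassify(expr)`, `print(x)` as the public sink) and the slicing policy (drop every public output that depends on a secret source through a path not passing a `declassify` node, then keep only the backward slice of the remaining outputs) are simplifications chosen here; the paper's own treatment covers control dependences and Java, which this model does not.

```python
"""Toy secure slicing over a data-dependence graph (added example, not the paper's code)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

IDENT = re.compile(r"[A-Za-z_]\w*")


@dataclass
class Stmt:
    idx: int
    text: str
    target: str          # variable defined; "" for a print statement
    uses: Set[str]       # variables read
    secret_source: bool  # 'x = secret()'  : high input
    public_sink: bool    # 'print(expr)'   : low output channel
    declassify: bool     # 'x = declassify(expr)': intentional release


def parse(program: str) -> List[Stmt]:
    """Parse the constructed straight-line syntax, one statement per line."""
    stmts: List[Stmt] = []
    for raw in program.strip().splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        idx = len(stmts)
        if line.startswith("print("):
            expr = line[len("print("):-1]
            stmts.append(Stmt(idx, line, "", set(IDENT.findall(expr)), False, True, False))
            continue
        target, expr = (part.strip() for part in line.split("=", 1))
        uses = set(IDENT.findall(expr)) - {"secret", "public", "declassify"}
        stmts.append(Stmt(idx, line, target, uses,
                          expr.startswith("secret("), False, expr.startswith("declassify(")))
    return stmts


def data_deps(stmts: List[Stmt]) -> Dict[int, Set[int]]:
    """Data dependences: each statement depends on the latest definition of what it reads."""
    reaching: Dict[str, int] = {}
    deps: Dict[int, Set[int]] = {}
    for s in stmts:
        deps[s.idx] = {reaching[v] for v in s.uses if v in reaching}
        if s.target:
            reaching[s.target] = s.idx
    return deps


def backward_slice(deps: Dict[int, Set[int]], start: int,
                   stop: Callable[[int], bool] = lambda n: False) -> Set[int]:
    """Statements `start` transitively depends on. Nodes satisfying `stop`
    are included but not expanded (used to cut at declassification points)."""
    seen: Set[int] = set()
    work = [start]
    while work:
        n = work.pop()
        if n in seen:
            continue
        seen.add(n)
        if not stop(n):
            work.extend(deps[n])
    return seen


def leaks(stmts: List[Stmt], deps: Dict[int, Set[int]]) -> Dict[int, Set[int]]:
    """Static IFC check: for each public sink, the secret sources it depends on
    along paths that do not pass through a declassify statement."""
    result: Dict[int, Set[int]] = {}
    for s in stmts:
        if s.public_sink:
            tainted = backward_slice(deps, s.idx, stop=lambda n: stmts[n].declassify)
            sources = {n for n in tainted if stmts[n].secret_source}
            if sources:
                result[s.idx] = sources
    return result


def secure_slice(program: str) -> List[str]:
    """Transform instead of reject: drop leaking outputs and keep the backward
    slice of the non-leaking ones, so the result is non-interfering."""
    stmts = parse(program)
    deps = data_deps(stmts)
    bad = leaks(stmts, deps)
    keep: Set[int] = set()
    for s in stmts:
        if s.public_sink and s.idx not in bad:
            keep |= backward_slice(deps, s.idx)
    return [s.text for s in stmts if s.idx in keep]


# Constructed sample program: two leaking outputs and one intentional release.
PROGRAM = """
h = secret()
l = public()
x = h + 1
y = l * 2
avg = declassify(h / 1000)   # deliberately released
print(y)
print(x)            # leaks h
print(avg)          # allowed: passes through declassify
print(l + x)        # leaks h
"""

if __name__ == "__main__":
    stmts = parse(PROGRAM)
    print("leaking sinks:", leaks(stmts, data_deps(stmts)))
    print("\n".join(secure_slice(PROGRAM)))
```

Running the module on the constructed program reports the two `print` statements that depend on `h` as leaking and emits a six-statement program in which only `print(y)` and `print(avg)` survive; re-running `leaks` on that slice finds nothing, which is the non-interference guarantee the transformation is meant to restore without any run-time tracking.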