The program dependence graph and its use in optimization
ACM Transactions on Programming Languages and Systems (TOPLAS)
Semantics of programming languages: structures and techniques
Semantics of programming languages: structures and techniques
The formal semantics of programming languages: an introduction
The formal semantics of programming languages: an introduction
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
ICSE '81 Proceedings of the 5th international conference on Software engineering
The program dependence graph in a software development environment
SDE 1 Proceedings of the first ACM SIGSOFT/SIGPLAN software engineering symposium on Practical software development environments
Program slices: formal, psychological, and practical investigations of an automatic program abstraction method
A brief survey of program slicing
ACM SIGSOFT Software Engineering Notes
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
Hi-index | 0.00 |
Bugs in programs implementing security features can be catastrophic: for example they may be exploited by malign users to gain access to sensitive data. These exploits break the confidentiality of information. All security analyses assume that softwares implementing security features correctly implement the security policy, i.e.are security bug-free. This assumption is almost always wrong and IT security administrators consider that any software that has no security patches on a regular basis should be replaced as soon as possible. As programs implementing security features are usually large, manual auditing is very error prone and testing techniques are very expensive. This article proposes to reduce the code that has to be audited by applying a program reduction technique called slicing. Slicing transforms a source code into an equivalent one according to a set of criteria. We show that existing slicing criteria do notpreserve the confidentiality of information. We introduce a new automatic and correct source-to-source method properly preserving the confidentiality of information i.e.confidentiality is guaranteed to be exactly the same in the original program and in the sliced program.