The program dependence graph and its use in optimization
ACM Transactions on Programming Languages and Systems (TOPLAS)
Information Processing Letters
PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
IEEE Transactions on Software Engineering
Forward computation of dynamic program slices
ISSTA '94 Proceedings of the 1994 ACM SIGSOFT international symposium on Software testing and analysis
A new model of program dependences for reverse engineering
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Reachability analysis of feature interactions: a progress report
ISSTA '96 Proceedings of the 1996 ACM SIGSOFT international symposium on Software testing and analysis
Computation of Dynamic Program Slices for Unstructured Programs
IEEE Transactions on Software Engineering
The Feature and Service Interaction Problem in Telecommunications Systems: A Survey
IEEE Transactions on Software Engineering
An efficient relevant slicing method for debugging
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
Which pointer analysis should I use?
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
jRapture: A Capture/Replay tool for observation-based testing
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
A note on the confinement problem
Communications of the ACM
Interprocedural control dependence
ACM Transactions on Software Engineering and Methodology (TOSEM)
Cryptography and data security
Cryptography and data security
Java Virtual Machine Specification
Java Virtual Machine Specification
High Performance Compilers for Parallel Computing
High Performance Compilers for Parallel Computing
Web Hacking: Attacks and Defense
Web Hacking: Attacks and Defense
Incremental Regression Testing
ICSM '93 Proceedings of the Conference on Software Maintenance
Precise dynamic slicing algorithms
Proceedings of the 25th International Conference on Software Engineering
Dynamic Slicing Method for Maintenance of Large C Programs
CSMR '01 Proceedings of the Fifth European Conference on Software Maintenance and Reengineering
Secure information flow in computer systems.
Secure information flow in computer systems.
The significance of program dependences for software testing, debugging, and maintenance
The significance of program dependences for software testing, debugging, and maintenance
Experimenting with a Policy-Based HIDS Based on an Information Flow Control Model
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Efficient Forward Computation of Dynamic Slices Using Reduced Ordered Binary Decision Diagrams
Proceedings of the 26th International Conference on Software Engineering
Using Compressed Bytecode Traces for Slicing Java Programs
Proceedings of the 26th International Conference on Software Engineering
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Detecting and Debugging Insecure Information Flows
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Dynamic information flow analysis, slicing and profiling
Dynamic information flow analysis, slicing and profiling
Proceedings of the 27th international conference on Software engineering
Using dynamic information flow analysis to detect attacks against applications
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Experimental evaluation of using dynamic slices for fault location
Proceedings of the sixth international symposium on Automated analysis-driven debugging
Dynamic path conditions in dependence graphs
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Pruning dynamic slices with confidence
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Locating faults through automated predicate switching
Proceedings of the 28th international conference on Software engineering
An empirical study of the strength of information flows in programs
Proceedings of the 2006 international workshop on Dynamic systems analysis
TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting
ISCC '06 Proceedings of the 11th IEEE Symposium on Computers and Communications
Memoized Forward Computation of Dynamic Slices
ISSRE '06 Proceedings of the 17th International Symposium on Software Reliability Engineering
A simulation-based proof technique for dynamic information flow
Proceedings of the 2007 workshop on Programming languages and analysis for security
An Empirical Study of Test Case Filtering Techniques Based on Exercising Information Flows
IEEE Transactions on Software Engineering
Efficient online detection of dynamic control dependence
Proceedings of the 2007 international symposium on Software testing and analysis
Dytan: a generic dynamic taint analysis framework
Proceedings of the 2007 international symposium on Software testing and analysis
Quantitative information-flow tracking for real systems
Quantitative information-flow tracking for real systems
IEEE Transactions on Software Engineering
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
An empirical study of the factors that reduce the effectiveness of coverage-based fault localization
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
Causal inference for statistical fault localization
Proceedings of the 19th international symposium on Software testing and analysis
The potential of using dynamic information flow analysis in data value prediction
Proceedings of the 19th international conference on Parallel architectures and compilation techniques
An algorithm for capturing variables dependences in test suites
Journal of Systems and Software
Leveraging Strength-Based Dynamic Information Flow Analysis to Enhance Data Value Prediction
ACM Transactions on Architecture and Code Optimization (TACO)
Prevalence of coincidental correctness and mitigation of its impact on fault localization
ACM Transactions on Software Engineering and Methodology (TOSEM)
Generating profile-based signatures for online intrusion and failure detection
Information and Software Technology
| Hi-index | 0.00 |
A new approach to dynamic information flow analysis (DIFA) is presented, and its applications to intrusion detection, software testing and program debugging are discussed. The approach is based on a new forward-computing algorithm that enables online analysis when fast response is not critical. A new forward-computing algorithm for dynamic slicing is also presented, which is more precise than previous forward-computing algorithms and is not restricted to programs with structured control flow. The DIFA and slicing algorithms both rely on a new, precise direct dynamic control dependence algorithm, which requires only constant time per program action. The correctness of this algorithm depends on special, graph-theoretic properties of control dependence, which are established here. A tool called DynFlow is described that implements the proposed approach in order to support analysis of Java byte code programs, and two case studies are presented to illustrate how DynFlow can be used to detect and debug insecure flows. Finally, since dynamic analysis alone is inherently unable to detect implicit information flows, an extension to our approach is described that enables it to detect most implicit information flows at runtime.