Undecidability of static analysis
ACM Letters on Programming Languages and Systems (LOPLAS)
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Proceedings of the 11th USENIX Security Symposium
Using CQUAL for Static Analysis of Authorization Hook Placement
Proceedings of the 11th USENIX Security Symposium
Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption
Proceedings of the 11th USENIX Security Symposium
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Saturn: A scalable framework for error detection using Boolean satisfiability
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special issue on POPL 2005
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Civitas: Toward a Secure Voting System
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Effective blame for information-flow violations
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Beyond assertions: advanced specification and verification with JML and ESC/Java2
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Preliminary design of the SAFE platform
PLOS '11 Proceedings of the 6th Workshop on Programming Languages and Operating Systems
Multiple facets for dynamic information flow
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Verifying that programs trusted to enforce security actually do so is a practical concern for programmers and administrators. However, there is a disconnect between the kinds of tools that have been successfully applied to real software systems (such as taint mode in Perl and Ruby), and information-flow compilers that enforce a variant of the stronger security property of noninterference. Tools that have been successfully used to find security violations have focused on explicit flows of information, where high-security information is directly leaked to output. Analysis tools that enforce noninterference also prevent implicit flows of information, where high-security information can be inferred from a program's flow of control. However, these tools have seen little use in practice, despite the stronger guarantees that they provide. To better understand why, this paper experimentally investigates the explicit and implicit flows identified by the standard algorithm for establishing noninterference. When applied to implementations of authentication and cryptographic functions, the standard algorithm discovers many real implicit flows of information, but also reports an extremely high number of false alarms, most of which are due to conservative handling of unchecked exceptions (e.g., null pointer exceptions). After a careful analysis of all sources of true and false alarms, due to both implicit and explicit flows, the paper concludes with some ideas to improve the false alarm rate, toward making stronger security analysis more practical.
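The explicit/implicit distinction and the exception-induced false alarms described in the abstract are easy to see with a toy version of the standard pc-label algorithm. The checker below is an added example written for this page, not code from the paper or from any information-flow compiler it discusses: it walks a tiny statement language under a two-point lattice (L below H), reports each write to a low sink as an explicit flow (high data on the right-hand side) or an implicit flow (write reached under a high pc), and models a possibly-null dereference with a deliberately simplified rule (an assumption of this example, not a transcription of Jif's): whether the remainder of the block executes depends on whether the reference was null, so the reference's label is joined into pc from that point on unless the reference is in a caller-supplied non-null set. The sample programs and the variable names (`account`, `stored`, `guess`, `ok`, `attempts`) are constructed for illustration.

```python
"""Denning-style information-flow checker for a tiny statement language.

Labels are "L" (public) and "H" (secret). The analysis carries a
program-counter label `pc` and raises an alarm for every write to a low
variable (or the public output) that would carry high information,
classified as an explicit flow (high data in the expression) or an
implicit flow (the write is reached under a high pc). The handling of a
possibly-null dereference is a simplified stand-in for how Jif-style
checkers account for unchecked exceptions; it is an assumption of this
example, not any tool's exact rule, and it only raises pc for the rest
of the enclosing block rather than propagating the exception outward.
"""

LOW, HIGH = "L", "H"


def join(a, b):
    """Least upper bound in the two-point lattice L < H."""
    return HIGH if HIGH in (a, b) else LOW


def label_of(expr, env):
    """Constants are low, variables carry their declared label,
    binary operations join the labels of their operands."""
    kind = expr[0]
    if kind == "const":
        return LOW
    if kind == "var":
        return env[expr[1]]
    if kind == "op":
        return join(label_of(expr[1], env), label_of(expr[2], env))
    raise ValueError(f"unknown expression {expr!r}")


def _write(sink, rhs_label, pc, env, alarms):
    """Alarm if writing `rhs_label` data to `sink` under `pc` lets H reach L.
    An explicit flow takes precedence, so each write yields at most one alarm."""
    if env.get(sink, LOW) != LOW:
        return                      # high sink: anything may flow into it
    if rhs_label == HIGH:
        alarms.append(("explicit", sink))
    elif pc == HIGH:
        alarms.append(("implicit", sink))


def check(stmts, env, pc=LOW, nonnull=frozenset(), alarms=None):
    """Check a statement list under program-counter label `pc`.

    env:     variable -> "L" or "H"
    nonnull: reference variables the checker may assume are never null
    Returns the list of (kind, sink) alarms in program order.
    """
    if alarms is None:
        alarms = []
    for stmt in stmts:
        kind = stmt[0]
        if kind == "assign":                     # ("assign", x, expr)
            _, x, expr = stmt
            _write(x, label_of(expr, env), pc, env, alarms)
        elif kind == "output":                   # ("output", expr): public channel
            _write("<output>", label_of(stmt[1], env), pc, env, alarms)
        elif kind == "if":                       # ("if", cond, then, else)
            _, cond, then_s, else_s = stmt
            branch_pc = join(pc, label_of(cond, env))
            check(then_s, env, branch_pc, nonnull, alarms)
            check(else_s, env, branch_pc, nonnull, alarms)
        elif kind == "deref":                    # ("deref", x, ref): x = ref.field
            _, x, ref = stmt
            _write(x, env[ref], pc, env, alarms)
            if ref not in nonnull:
                # A null `ref` throws and skips the rest of this block, so
                # whether later statements run depends on `ref`: the
                # conservative rule joins its label into pc from here on.
                pc = join(pc, env[ref])
        else:
            raise ValueError(f"unknown statement {stmt!r}")
    return alarms


# Constructed sample programs (not taken from the paper's case studies).
EXPLICIT = [("output", ("var", "secret"))]

IMPLICIT = [("if", ("op", ("var", "secret"), ("const", 0)),
             [("assign", "pub", ("const", 1))],
             [("assign", "pub", ("const", 0))])]

# Authentication-style check: releasing the comparison result is a real
# flow that needs declassification, but the possibly-null high reference
# dereferenced first poisons pc for the block, so the unrelated
# `attempts` counter update is flagged as well.
LOGIN = [("deref", "stored", "account"),                     # stored = account.hash
         ("assign", "ok", ("op", ("var", "stored"), ("var", "guess"))),
         ("assign", "attempts", ("op", ("var", "attempts"), ("const", 1)))]

ENV = {"secret": HIGH, "pub": LOW, "account": HIGH, "stored": HIGH,
       "guess": LOW, "ok": LOW, "attempts": LOW}


def demo():
    """Alarms for each sample; LOGIN is checked with and without
    a non-null assumption on `account`."""
    return {
        "explicit": check(EXPLICIT, ENV),
        "implicit": check(IMPLICIT, ENV),
        "login": check(LOGIN, ENV),
        "login_nonnull": check(LOGIN, ENV, nonnull=frozenset({"account"})),
    }


if __name__ == "__main__":
    for name, alarms in demo().items():
        print(f"{name}: {alarms}")
```

The `login` run reports two alarms: the explicit flow from `stored` into `ok` is the genuine one (an authentication routine must release that bit deliberately), while the implicit alarm on `attempts` exists only because the checker cannot rule out a NullPointerException on `account`. Supplying that nullness fact through `nonnull` removes the false alarm and leaves the true one, which is the kind of precision improvement the abstract points toward.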