The program dependence graph and its use in optimization
ACM Transactions on Programming Languages and Systems (TOPLAS)
Interprocedural slicing using dependence graphs
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
Information Processing Letters
IEEE Transactions on Software Engineering
A framework for generalized control dependence
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Certification of programs for secure information flow
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Interprocedural control dependence
ACM Transactions on Software Engineering and Methodology (TOSEM)
Program slices: formal, psychological, and practical investigations of an automatic program abstraction method
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Detecting and Debugging Insecure Information Flows
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Pruning dynamic slices with confidence
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
A General Dynamic Information Flow Tracking Framework for Security Applications
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Towards locating execution omission errors
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Efficient online detection of dynamic control dependence
Proceedings of the 2007 international symposium on Software testing and analysis
Dytan: a generic dynamic taint analysis framework
Proceedings of the 2007 international symposium on Software testing and analysis
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
Tracing lineage beyond relational operators
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
Pointless tainting?: evaluating the practicality of pointer tainting
Proceedings of the 4th ACM European conference on Computer systems
Penumbra: automatically identifying failure-relevant inputs using dynamic tainting
Proceedings of the eighteenth international symposium on Software testing and analysis
Dowsing for overflows: a guided fuzzer to find buffer boundary violations
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
Program control dependence has substantial impact on applications such as dynamic information flow tracking and data lineage tracing (a technique tracking the set of inputs that affects individual outputs). Without considering control dependence, information can leak via implicit channels without being tracked; important inputs may be absent from output lineage. However, considering control dependence may lead to a large volume of false alarms in information flow tracking or undesirably large lineage sets. We identify a special type of control dependence called strict control dependence (SCD). The nature of SCDs highly resembles that of data dependences, reflecting strong correlations between statements and hence should be considered the same way as data dependences in various applications. We formally define the semantics. We also describe a cost-effective design that allows tracing only strict control dependence. Our empirical evaluation shows that the proposed technique has very low overhead and it greatly improves the effectiveness of lineage tracing and taint analysis.