A sound type system for secure flow analysis
Journal of Computer Security
A lattice model of secure information flow
Communications of the ACM
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Systematic design of program analysis frameworks
POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Static Analysis for Secrecy and Non-interference in Networks of Processes
PaCT '01 Proceedings of the 6th International Conference on Parallel Computing Technologies
Abstract non-interference: parameterizing non-interference by abstract interpretation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow security in Boundary Ambients
Information and Computation
Type-based analysis of PIN processing APIs
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Information flow analysis for VHDL
PaCT'05 Proceedings of the 8th international conference on Parallel Computing Technologies
SAILS: static analysis of information leakage with sample
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Hi-index | 0.00 |
Protecting the confidentiality of information stored in a computer system or transmitted over a public network is a relevant problem in computer security. The approach of information flow analysis involves performing a static analysis of the program with the aim of proving that there will not be leaks of sensitive information. In this paper we propose a new domain that combines variable dependency analysis, based on propositional formulas, and variables' value analysis, based on polyhedra. The resulting analysis is strictly more accurate than the state of the art abstract interpretation based analyses for information leakage detection. Its modular construction allows to deal with the tradeoff between efficiency and accuracy by tuning the granularity of the abstraction and the complexity of the abstract operators.