Information flow analysis via path condition refinement

  • Authors:
  • Mana Taghdiri;Gregor Snelting;Carsten Sinz

  • Affiliations:
  • Karlsruher Institut für Technologie, Karlsruhe, Germany;Karlsruher Institut für Technologie, Karlsruhe, Germany;Karlsruher Institut für Technologie, Karlsruhe, Germany

  • Venue:
  • FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

We present a new approach to information flow control (IFC), which exploits counterexample-guided abstraction refinement (CEGAR) technology. The CEGAR process is built on top of our existing IFC analysis in which illegal flows are characterized using program dependence graphs (PDG) and path conditions (as described in [12]). Although path conditions provide an already precise abstraction that can be used to generate witnesses to the illegal flow, they may still cause false alarms. Our CEGAR process recognizes false witnesses by executing them and monitoring their executions, and eliminates them by automatically refining path conditions in an iterative way as needed. The paper sketches the foundations of CEGAR and PDG-based IFC, and describes the approach in detail. An example shows how the approach finds illegal flow, and demonstrates how CEGAR eliminates false alarms.