A sound analysis for secure information flow using abstract memory graphs

Authors:
Dorina Ghindici;Isabelle Simplot-Ryl;Jean-Marc Talbot
Affiliations:
CNRS/INRIA/Univ. Lille 1, France;CNRS/INRIA/Univ. Lille 1, France;LIF/CNRS/Univ. de Provence, France
Venue:
FSEN'09 Proceedings of the Third IPM international conference on Fundamentals of Software Engineering
Year:
2009

Citing 16
Cited 0

What's in a region?: or computing control dependence regions in near-linear time for reducible control flow

ACM Letters on Programming Languages and Systems (LOPLAS)
A core calculus of dependency

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Compositional pointer and escape analysis for Java programs

Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A sound type system for secure flow analysis

Journal of Computer Security
A lattice model of secure information flow

Communications of the ACM
Pointer and escape analysis for multithreaded programs

PPoPP '01 Proceedings of the eighth ACM SIGPLAN symposium on Principles and practices of parallel programming
Principles of Program Analysis

Principles of Program Analysis
Secure Information Flow and Pointer Confinement in a Java-like Language

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Java bytecode verification for secure information flow

ACM SIGPLAN Notices
On flow-sensitive security types

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A logic for information flow in object-oriented programs

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Embedding verifiable information flow analysis

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
A certified lightweight non-interference java bytecode verifier

ESOP'07 Proceedings of the 16th European conference on Programming
Information flow analysis for java bytecode

VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present a flow-sensitive analysis for secure information flow for Java bytecode. Our approach consists of computing, at all program points, an abstract memory graph (AMG) which tracks how input values of a method may influence its outputs. This computation subsumes a points-to analysis (reflecting how objects depend on each other) by addressing dependencies arising from data of primitive types and from the control flow of the program. Our graph construction is proved to be sound for both intra-procedural and inter-procedural analysis by establishing a non-interference theorem stating that if an output value is unrelated to an input one in the AMG then the output remains unchanged when the input is modified. In contrast with many type-based information flow techniques, our approach does not require security levels to be known during the computation of the graph: security aspects of information flow are checked by labeling ”a posteriori” the AMG with security levels.