Using dynamic information flow analysis to detect attacks against applications
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
An empirical study of the strength of information flows in programs
Proceedings of the 2006 international workshop on Dynamic systems analysis
Algorithms and tool support for dynamic information flow analysis
Information and Software Technology
Measuring the strength of information flows in programs
ACM Transactions on Software Engineering and Methodology (TOSEM)
| Hi-index | 0.00 |
Dynamic information flow analysis is concerned with the runtime monitoring and regulation of the flow of information among objects throughout a system and ultimately between the system and the outside world. A new approach to dynamic information flow analysis is presented that can be used to detect and debug insecure flows in programs. It can be applied offline to validate and debug a program against an information flow policy, or, when fast response is not critical, it can be applied online to prevent illegal flows in deployed programs. Dynamic mechanisms are inherently unable to detect implicit information flows; our approach incorporates an optional static preprocessing phase that identifies implicit flows and transforms them into explicit ones. The resulting hybrid mechanism is therefore capable of detecting both explicit and implicit information flows. Program slicing is an integral part of debugging against an information flow policy. Forward computing slicing algorithms, which do not require a previously stored execution trace, are especially suited for interactive debugging. This dissertation proposes a dynamic slicing algorithm, which is characterized as forward computing, precise and applicable to unstructured programs. Observation-based testing (OBT) is an approach in which executions of a program are profiled and then analyzed using cluster analysis and sampling methods to identify unusual or suspicious executions for manual auditing. This technique can be used to detect ordinary failures as well as intrusive behaviors. It can also be the basis for test-case filtering. This dissertation contributes to observation-based testing research by devising two profiling techniques that capture a relatively higher level of detail from a program execution namely, information flow profiling and slice profiling. In order to empirically verify their relative efficiency, we used them as well as other types of profiles such as function calls and data flow profiles to conduct test-case filtering experiments. The test-case filtering experiments involved OBT techniques as well as coverage-based techniques. The comparative results are presented and discussed. Finally, this dissertation presents a prototype tool for detecting and debugging insecure information flows in Java byte programs, it is also capable of generating information flow and slice execution profiles.