A Virtual Machine Based Information Flow Control System for Policy Enforcement
Electronic Notes in Theoretical Computer Science (ENTCS)
Efficient purely-dynamic information flow analysis
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Proceedings of the 3rd international conference on Security of information and networks
Runtime verification using policy-based approach to control information flow
International Journal of Security and Networks
| Hi-index | 0.00 |
Information flow analysis policies are more flexible and powerful than currently prevalent discretionary access control(DAC) policies. Current information flow systems are either purely dynamic or static. Pure dynamic systems are overly conservative, as they suffer from label creep due to lack of information about other paths. On the other hand, pure static systems are conservative about runtime values, require source code, and programmer annotations. We propose hybrid information flow analysis, which is more flexible and precise than either pure static or dynamic techniques individually. It leverages the strengths of the two approaches, while mitigating their weaknesses. It statically gathers information and makes it available to the runtime, so that the runtime mechanism can safely contain the label creep while precisely tacking information in current path of execution. The proposed analysis works on Java bytecode, does not require source code or programmer annotations.