Experiences with PDG-Based IFC
نویسنده
چکیده
Information flow control systems provide the guarantees that are required in today’s security-relevant systems. While the literature has produced a wealth of techniques to ensure a given security policy, there is only a small number of implementations, and even these are mostly restricted to theoretical languages or a subset of an existing language. Previously, we presented the theoretical foundations and algorithms for dependence-graph-based information flow control (IFC). As a complement, this paper presents the implementation and evaluation of our new approach, the first implementation of a dependence-graph based analysis that accepts full Java bytecode. It shows that the security policy can be annotated in a succinct manner; and the evaluation shows that the increased runtime of our analysis—a result of being flow-, context-, and object-sensitive—is mitigated by better analysis results and elevated practicability. Finally, we show that the scalability of our analysis is not limited by the sheer size of either the security lattice or the dependence graph that represents the program.
منابع مشابه
Information Flow Analysis via Path Condition Refinement
We present a new approach to information flow control (IFC), which exploits counterexample-guided abstraction refinement (CEGAR) technology. The CEGAR process is built on top of our existing IFC analysis in which illegal flows are characterized using program dependence graphs (PDG) and path conditions (as described in [12]). Although path conditions provide an already precise abstraction that c...
متن کاملStatistics of polarization-dependent gain in fiber-based Raman amplifiers.
We develop an analytic model for finding the statistics of polarization-dependent gain (PDG) in fiber-based Raman amplifiers. We use it to find an analytic form for the probability distribution of PDG and study how the mean PDG and the variance of PDG fluctuations depend on the PMD parameter. We show that mean PDG as well as PDG fluctuations are reduced by approximately a factor of 30 in the ca...
متن کاملAn Approach to Fault Modeling and Fault Seeding Using the Program Dependence Graph1
We present a fault-classification scheme and a fault-seeding method that are based on the manifestation of faults in the program dependence graph (PDG). We enhance the domain/computation faultclassification scheme developed by Howden to further characterize faults as structural and statement-level, depending on the differences between the PDG for the original program and the PDG for the faulty ...
متن کاملA paradigm for the study of paranoia in the general population: the Prisoner's Dilemma Game.
A growing body of research shows that paranoia is common in the general population. We report three studies that examined the Prisoner's Dilemma Game (PDG) as a paradigm for evaluation of non-clinical paranoia. The PDG captures three key qualities that are at the heart of paranoia--it is interpersonal, it concerns threat, and it concerns the perception of others' intentions towards the self. St...
متن کاملAn Evaluation of IFC-CityGML Unidirectional Conversion
Interoperability between building information models (BIM) and geographic information models has a strong potential to bring benefit to different demands in construction analysis, urban planning, homeland security and other applications. Therefore, different research and commercial efforts have been initiated to integrate the most prominent semantic models in BIM and geospatial applications. Th...
متن کامل