Types vs. PDGs in Information Flow Analysis
Abstract
Type-based and PDG-based information flow analysis techniques are currently developed independently in a competing manner, with different strengths regarding coverage of language features and security policies. In this article, we study the relationship between these two approaches. One key insight is that a type-based information flow analysis need not be less precise than a PDG-based analysis. For proving this result we establish a formal connection between the two approaches which can also be used to transfer concepts from one tradition of information flow analysis to the other. The adoption of rely-guarantee-style reasoning from security type systems, for instance, enabled us to develop a PDG-based information flow analysis for multi-threaded programs.
Similar resources
Addendum to the Article “Types vs. PDGs in Information Flow Analysis” – Proofs and Operational Semantics
Before proving Lemma 1 from [MS13] we prove several propositions that relate paths in the graph PDG(CFG c ) where c is of the form if (e) then c1 else c2 fi, while (e) do c1 od, or c1; c2 to paths in the graphs PDG(CFG I,O c1 ) and (if applicable) PDG(CFG c2 ). In the proofs, we write p + k for the path that is obtained from p by adding k to each node on p that is a natural number, and leaving ...
Information Flow Control for Java Based on Path Conditions in Dependence Graphs
Language-based information flow control (IFC) is a powerful tool to discover security leaks in software. Most current IFC approaches are however based on nonstandard type systems. Type-based IFC is elegant, but not precise and can lead to false alarms. We present a more precise approach to IFC which exploits active research in static program analysis. Our IFC approach is based on path condition...
Semantical Equivalence of the Control Flow Graph and the Program Dependence Graph
The program dependence graph (PDG) represents data and control dependence between statements in a program. This paper presents an operational semantics of program dependence graphs. Since PDGs exclude artificial order of statements that resides in sequential programs, executions of PDGs are not unique. However, we identified a class of PDGs that have unique final states of executions, called de...
Exploring and Enforcing Application Security Guarantees via Program Dependence Graphs
We present Pidgin, a program analysis and understanding tool that allows developers to explore the information flows that exist in programs and specify and enforce security policies that restrict these information flows. Pidgin uses program-dependence graphs (PDGs) to precisely capture the information flows within a program. PDGs can be queried using a custom query language to explore and descr...
Slicing of Concurrent Programs and its Application to Information Flow Control
Information flow control is concerned with the security of sensitive information being processed by a software. It aims to ensure that software does not leak rightfully accessed sensitive information to unauthorized sinks or taints it with data from unauthorized sources during its computations. It can be used supplementary to established security techniques like access control or encryption to ...
Publication date: 2012