15th International Symposium on Software Reliability Engineering
DOI: 10.1109/issre.2004.17
|View full text |Cite
|
Sign up to set email alerts
|

Detecting and Debugging Insecure Information Flows

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
79
0

Publication Types

Select...
5
3
1

Relationship

0
9

Authors

Journals

citations
Cited by 66 publications
(79 citation statements)
references
References 18 publications
0
79
0
Order By: Relevance
“…It has been shown [28] that this feature can be used to gain information about secrets in some cases. The only exception known by the authors -in the domain of information flow monitoring -is the work by Masri et al [29] which presents a dynamic information flow analysis for structured or unstructured languages. However, their work does not study deeply the dynamic correction of "bad" flows and lacks formal statements and proofs of the correctness of the correction mechanism.…”
Section: Resultsmentioning
confidence: 99%
“…It has been shown [28] that this feature can be used to gain information about secrets in some cases. The only exception known by the authors -in the domain of information flow monitoring -is the work by Masri et al [29] which presents a dynamic information flow analysis for structured or unstructured languages. However, their work does not study deeply the dynamic correction of "bad" flows and lacks formal statements and proofs of the correctness of the correction mechanism.…”
Section: Resultsmentioning
confidence: 99%
“…In each call, the variables in the block I are treated symbolically, and every other variable is given a fixed, random initial value. Generate returns an updated flow map which is used to merge blocks in Π to get an updated partition (lines [12][13][14]. For every x ∈ X such that |flow (x)| > 1, the blocks in flow (x) are merged into one block to get a new coarser partition.…”
Section: Preliminary Definitionsmentioning
confidence: 99%
“…Our optimization based on control and data dependencies is similar to checking information flow [6,12,5]. For example, dynamic information flow checkers [12,5] are based on similar dependency analyzes.…”
Section: Introductionmentioning
confidence: 99%
“…This technique has been used in security as well as software testing and debugging [41,9]. Taint propagation occurs in both explicit information flow (i.e., data dependencies) and implicit information flow (control dependencies).…”
Section: Dynamic Taint Analysismentioning
confidence: 99%