Detecting and Debugging Insecure Information Flows

Masri, Wes; Podgurski, Andy; León, David De

doi:10.1109/issre.2004.17

Cited by 66 publications

(79 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It has been shown [28] that this feature can be used to gain information about secrets in some cases. The only exception known by the authors -in the domain of information flow monitoring -is the work by Masri et al [29] which presents a dynamic information flow analysis for structured or unstructured languages. However, their work does not study deeply the dynamic correction of "bad" flows and lacks formal statements and proofs of the correctness of the correction mechanism.…”

Section: Resultsmentioning

confidence: 99%

Automata-Based Confidentiality Monitoring

Guernic

Banerjee

Jensen

et al. 2007

Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues

View full text Add to dashboard Cite

Non-interference is typically used as a baseline security policy to formalize confidentiality of secret information manipulated by a program. In contrast to static checking of non-interference, this paper considers dynamic, automaton-based, monitoring of information flow for a single execution of a sequential program. The monitoring mechanism is based on a combination of dynamic and static analyses. During program execution, abstractions of program events are sent to the automaton, which uses the abstractions to track information flows and to control the execution by forbidding or editing dangerous actions. The mechanism proposed is proved to be sound, to preserve executions of well-typed programs (in the security type system of Volpano, Smith and Irvine), and to preserve some safe executions of ill-typed programs.

show abstract

Section: Resultsmentioning

confidence: 99%

Automata-Based Confidentiality Monitoring

Guernic

Banerjee

Jensen

et al. 2007

Advances in Computer Science - ASIAN 2006. Secure Software and Related Issues

View full text Add to dashboard Cite

show abstract

“…In each call, the variables in the block I are treated symbolically, and every other variable is given a fixed, random initial value. Generate returns an updated flow map which is used to merge blocks in Π to get an updated partition (lines [12][13][14]. For every x ∈ X such that |flow (x)| > 1, the blocks in flow (x) are merged into one block to get a new coarser partition.…”

Section: Preliminary Definitionsmentioning

confidence: 99%

“…Our optimization based on control and data dependencies is similar to checking information flow [6,12,5]. For example, dynamic information flow checkers [12,5] are based on similar dependency analyzes.…”

Section: Introductionmentioning

confidence: 99%

Reducing Test Inputs Using Information Partitions

Majumdar

2009

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Automatic symbolic techniques to generate test inputs, for example, through concolic execution, suffer from path explosion: the number of paths to be symbolically solved for grows exponentially with the number of inputs. In many applications though, the inputs can be partitioned into "non-interfering" blocks such that symbolically solving for each input block while keeping all other blocks fixed to concrete values can find the same set of assertion violations as symbolically solving for the entire input. This can greatly reduce the number of paths to be solved (in the best case, from exponentially many to linearly many in the number of inputs). We present an algorithm that combines test input generation by concolic execution with dynamic computation and maintenance of information flow between inputs. Our algorithm iteratively constructs a partition of the inputs, starting with the finest (all inputs separate) and merging blocks if a dependency is detected between variables in distinct input blocks during test generation. Instead of exploring all paths of the program, our algorithm separately explores paths for each block (while fixing variables in other blocks to random values). In the end, the algorithm outputs an input partition and a set of test inputs such that (a) inputs in different blocks do not have any dependencies between them, and (b) the set of tests provides equivalent coverage with respect to finding assertion violations as full concolic execution. We have implemented our algorithm in the Splat test generation tool. We demonstrate that our reduction is effective by generating tests for four examples in packet processing and operating system code.

show abstract

“…This technique has been used in security as well as software testing and debugging [41,9]. Taint propagation occurs in both explicit information flow (i.e., data dependencies) and implicit information flow (control dependencies).…”

Section: Dynamic Taint Analysismentioning

confidence: 99%