Secure slices of insecure programs

Cavadini, Salvador V.

doi:10.1145/1368310.1368329

Cited by 9 publications

(6 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Various forms of dependence graphs (Program Dependence Graph (PDG), System Dependence Graph (SDG), Class Dependence Graph (ClDG), etc. [10,16,19,23]) are immensely useful, as an improvement over type-based systems, for information flow security analysis of programs [15,14,5,27,29]. In dependence graphs, program statements are represented by nodes whereas data-dependencies and control-dependencies are represented by edges.…”

Section: Leak = 5;mentioning

confidence: 99%

“…Some of the existing methods include backward slicing, path condition-based analysis, etc. [5,14]. A backward slice of a program with respect to a program point p and set of program variables V consists of all statements and predicates in the program that may affect the value of variables in V at p. Context-sensitivity in case of programs with procedure-calls, object-sensitivity in case of object-oriented programs are also considered in [15].…”

Section: Leak = 5;mentioning

confidence: 99%

See 1 more Smart Citation

Refining dependencies for information flow analysis of database applications

Alam

Halder

2016

IJTMCC

View full text Add to dashboard Cite

Preserving confidentiality of sensitive information in any computing system always remains a challenging issue. One such reason is improper coding of softwares which may lead to the disclosure of sensitive information to unauthorised users while propagating along the code during execution. Languagebased information flow security analysis has emerged as a promising technique to prove that program's executions do not leak sensitive information to untrusted users. In this paper, we propose information flow analysis of database applications. The main contributions of the paper are: 1) refinement of dependence graphs for database applications by removing false dependencies; 2) information-flow analysis of database applications using refined dependence graph. Our approach covers a more generic scenario where attackers are able to view only a part of the attribute-values according to the policy, and leads to a more precise semanticbased analysis which reduces false positives with respect to the literature. This paper is a revised and expanded version of a paper entitled 'Data-Centric Refinement of Information Flow Analysis of Database Applications' presented at SSCC '

show abstract

Section: Leak = 5;mentioning

confidence: 99%

Section: Leak = 5;mentioning

confidence: 99%

Refining dependencies for information flow analysis of database applications

Alam

Halder

2016

IJTMCC

View full text Add to dashboard Cite

show abstract

“…They also report on a JavaScript implementation that requires a modified virtual machine. In a somewhat related line of work, Cavadini [9] proposes a technique based on program slicing to obtain secure fragments of insecure programs.…”

Section: Related Workmentioning

confidence: 99%

Secure Multi-Execution through Static Program Transformation

Barthe

Crespo

Devriese

et al. 2012

Formal Techniques for Distributed Systems

View full text Add to dashboard Cite

Secure multi-execution (SME) is a dynamic technique to ensure secure information flow. In a nutshell, SME enforces security by running one execution of the program per security level, and by reinterpreting input/output operations w.r.t. their associated security level. SME is sound, in the sense that the execution of a program under SME is non-interfering, and precise, in the sense that for programs that are non-interfering in the usual sense, the semantics of a program under SME coincides with its standard semantics. A further virtue of SME is that its core idea is language-independent; it can be applied to a broad range of languages. A downside of SME is the fact that existing implementation techniques require modifications to the runtime environment, e.g. the browser for Web applications. In this article, we develop an alternative approach where the effect of SME is achieved through program transformation, without modifications to the runtime, thus supporting server-side deployment on the web. We show on an exemplary language with input/output and dynamic code evaluation (modeled after JavaScript's eval) that our transformation is sound and precise. The crux of the proof is a simulation between the execution of the transformed program and the SME execution of the original program. This proof has been machine-checked using the Agda proof assistant. We also report on prototype implementations for a small fragment of Python and a substantial subset of JavaScript.

show abstract

“…There have been a number of white-box techniques using static analysis, such as program slicing [28,30], type analysis [2,23,25], probabilistic analysis [18,20,24], and information-theoretic analysis [4,12,19], to find dependency among variables. In our recent work [16], we introduce a new information-theoretic technique that does not depend on static analysis and can be adapted to black-boxes easily as shown in [16].…”

Section: Introductionmentioning

confidence: 99%

Sampling a Two-Way Finite Automaton

Dang

Ibarra

2015

Automata, Universality, Computation

View full text Add to dashboard Cite

Abstract. We study position sampling in a 2-way nondeterministic finite automaton (2NFA) to measure the information dependency and information flow between state variables, based on the information-theoretic sampling technique proposed in [16]. We prove that for a 2NFA, the language generated by position sampling is regular. We also show that for a 2NFA, we can effectively find a vector of sampling positions that maximizes dependency and information flow in a run of the 2NFA. Finally, we give some language properties of sampled runs of 2NFAs augmented with restricted unbounded storage.

show abstract

Secure slices of insecure programs

Cited by 9 publications

References 20 publications

Refining dependencies for information flow analysis of database applications

Refining dependencies for information flow analysis of database applications

Secure Multi-Execution through Static Program Transformation

Sampling a Two-Way Finite Automaton

Contact Info

Product

Resources

About