Using Theorem Provers to Increase the Precision of Dependence Analysis for Information Flow Control

Abstract: Information flow control (IFC) is a category of techniques for enforcing information flow properties. In this paper we present the Combined Approach, a novel IFC technique that combines a scalable system-dependence-graph-based (SDG-based) approach with a precise logic-based approach based on a theorem prover. The Combined Approach has an increased precision compared with the SDG-based approach on its own, without sacrificing its scalability. For every potential illegal information flow reported by the SDG-base… Show more

“…This section presents the approaches in the Noninterference Framework. We present SDG-based approaches (using Herda et al [22]) in Section 3.1, logicbased approaches (using previous works [6,21]) in Section 3.2, and automatic test generation based on symbolic execution (using Herda et al [21]) in Section 3.3.…”

“…In this article, we present an overview of recent combinations [6,21,22] of deductive program verification with automatic test generation on the one hand and static analysis on the other hand, with the goal of checking noninterference. The resulting Noninterference Framework can be used both for proving that a given program fulfills a given noninterference property and, also, for finding a counterexample that demonstrates a noninterference violation in case the noninterference property is not fulfilled.…”

“…In Section 2, which is based on Herda et al [21], we define the noninterference properties that are handled with the framework. In Section 3, which is based on Ahrendt et al [4], Beckert et al [6], and works by Herda et al [21,22], we present the used approaches. We provide an overview of the framework in Section 4, which is based on Herda [20].…”

“…Section 5, which is based on Herda et al [21], presents an approach which uses deductive verification for automatic test generation. In Sections 6 and 7, which are based on Herda et al [22] and Beckert et al [6] respectively, we consider two approaches which combine SDG-based and logic-based approaches for proving noninterference. We discuss implementation aspects of the two combinations in Section 8, which is based on previous works [6,20].…”

“…In Sections 6 and 7, which are based on Herda et al [22] and Beckert et al [6] respectively, we consider two approaches which combine SDG-based and logic-based approaches for proving noninterference. We discuss implementation aspects of the two combinations in Section 8, which is based on previous works [6,20]. In Section 9, we present related work.…”

Integration of Static and Dynamic Analysis Techniques for Checking Noninterference

“…This section presents the approaches in the Noninterference Framework. We present SDG-based approaches (using Herda et al [22]) in Section 3.1, logicbased approaches (using previous works [6,21]) in Section 3.2, and automatic test generation based on symbolic execution (using Herda et al [21]) in Section 3.3.…”

“…In this article, we present an overview of recent combinations [6,21,22] of deductive program verification with automatic test generation on the one hand and static analysis on the other hand, with the goal of checking noninterference. The resulting Noninterference Framework can be used both for proving that a given program fulfills a given noninterference property and, also, for finding a counterexample that demonstrates a noninterference violation in case the noninterference property is not fulfilled.…”

“…In Section 2, which is based on Herda et al [21], we define the noninterference properties that are handled with the framework. In Section 3, which is based on Ahrendt et al [4], Beckert et al [6], and works by Herda et al [21,22], we present the used approaches. We provide an overview of the framework in Section 4, which is based on Herda [20].…”

“…Section 5, which is based on Herda et al [21], presents an approach which uses deductive verification for automatic test generation. In Sections 6 and 7, which are based on Herda et al [22] and Beckert et al [6] respectively, we consider two approaches which combine SDG-based and logic-based approaches for proving noninterference. We discuss implementation aspects of the two combinations in Section 8, which is based on previous works [6,20].…”

“…In Sections 6 and 7, which are based on Herda et al [22] and Beckert et al [6] respectively, we consider two approaches which combine SDG-based and logic-based approaches for proving noninterference. We discuss implementation aspects of the two combinations in Section 8, which is based on previous works [6,20]. In Section 9, we present related work.…”

Integration of Static and Dynamic Analysis Techniques for Checking Noninterference