Effective blame for information-flow violations

Dave King, Trent Ray Jaeger, Somesh Jha, Sanjit A. Seshia

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

11 Citations (Scopus)

Abstract

Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.

Original language: English (US)
Title of host publication: SIGSOFT 2008/FSE-16 - Proceedings of the 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering
Pages: 250-260
Number of pages: 11
DOIs: https://doi.org/10.1145/1453101.1453135
State: Published - Dec 1 2008
Event: 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2008/FSE-16 - Atlanta, GA, United States
Duration: Nov 9 2008 - Nov 14 2008

Publication series

Name: Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering

Other

Other: 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2008/FSE-16
Country: United States
City: Atlanta, GA
Period: 11/9/08 - 11/14/08

All Science Journal Classification (ASJC) codes

  • Software

Cite this

King, D., Jaeger, T. R., Jha, S., & Seshia, S. A. (2008). Effective blame for information-flow violations. In SIGSOFT 2008/FSE-16 - Proceedings of the 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (pp. 250-260). (Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering). https://doi.org/10.1145/1453101.1453135
@inproceedings{f4ae6e7049284458a19a9f9907a5ccdd,
title = "Effective blame for information-flow violations",
abstract = "Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.",
author = "Dave King and Jaeger, {Trent Ray} and Somesh Jha and Seshia, {Sanjit A.}",
year = "2008",
month = "12",
day = "1",
doi = "10.1145/1453101.1453135",
language = "English (US)",
isbn = "9781595939951",
series = "Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering",
pages = "250--260",
booktitle = "SIGSOFT 2008/FSE-16 - Proceedings of the 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering",
}


TY  - GEN
T1  - Effective blame for information-flow violations
AU  - King, Dave
AU  - Jaeger, Trent Ray
AU  - Jha, Somesh
AU  - Seshia, Sanjit A.
PY  - 2008/12/1
Y1  - 2008/12/1
N2  - Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.
AB  - Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.
UR  - http://www.scopus.com/inward/record.url?scp=77950478187&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=77950478187&partnerID=8YFLogxK
U2  - 10.1145/1453101.1453135
DO  - 10.1145/1453101.1453135
M3  - Conference contribution
SN  - 9781595939951
T3  - Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering
SP  - 250
EP  - 260
BT  - SIGSOFT 2008/FSE-16 - Proceedings of the 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering
ER  -