Towards a Flow- and Path-Sensitive Information Flow Analysis

Peixuan Li; Danfeng Zhang

doi:10.1109/CSF.2017.17

Towards a Flow- and Path-Sensitive Information Flow Analysis

Peixuan Li, Danfeng Zhang

School of Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an information flow analysis with fixed labels can be both flow- and path-sensitive. The novel analysis has two major components: 1) a general-purpose program transformation that removes false dataflow dependencies in a program that confuse a fixed-label type system, and 2) a fixed-label type system that allows security types to depend on path conditions. We formally prove that the proposed analysis enforces a rigorous security property: noninterference. Moreover, we show that the analysis is strictly more precise than a classic flow-sensitive type system, and it allows sound control of information flow in the presence of mutable variables without resorting to run-time mechanisms.

Original language	English (US)
Title of host publication	Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017
Publisher	IEEE Computer Society
Pages	53-67
Number of pages	15
ISBN (Electronic)	9781538632161
DOIs	https://doi.org/10.1109/CSF.2017.17
State	Published - Sep 25 2017
Event	30th IEEE Computer Security Foundations Symposium, CSF 2017 - Santa Barbara, United States Duration: Aug 21 2017 → Aug 25 2017

Publication series

Name	Proceedings - IEEE Computer Security Foundations Symposium
ISSN (Print)	1940-1434

Other

Other	30th IEEE Computer Security Foundations Symposium, CSF 2017
Country	United States
City	Santa Barbara
Period	8/21/17 → 8/25/17

All Science Journal Classification (ASJC) codes

Engineering(all)

Access to Document

10.1109/CSF.2017.17

Fingerprint Dive into the research topics of 'Towards a Flow- and Path-Sensitive Information Flow Analysis'. Together they form a unique fingerprint.

Cite this

Li, P., & Zhang, D. (2017). Towards a Flow- and Path-Sensitive Information Flow Analysis. In Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017 (pp. 53-67). [8049651] (Proceedings - IEEE Computer Security Foundations Symposium). IEEE Computer Society. https://doi.org/10.1109/CSF.2017.17

@inproceedings{f0c816e50caa4b7d9cee494a65e40be2,

title = "Towards a Flow- and Path-Sensitive Information Flow Analysis",

abstract = "This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an information flow analysis with fixed labels can be both flow- and path-sensitive. The novel analysis has two major components: 1) a general-purpose program transformation that removes false dataflow dependencies in a program that confuse a fixed-label type system, and 2) a fixed-label type system that allows security types to depend on path conditions. We formally prove that the proposed analysis enforces a rigorous security property: noninterference. Moreover, we show that the analysis is strictly more precise than a classic flow-sensitive type system, and it allows sound control of information flow in the presence of mutable variables without resorting to run-time mechanisms.",

author = "Peixuan Li and Danfeng Zhang",

year = "2017",

month = sep,

day = "25",

doi = "10.1109/CSF.2017.17",

language = "English (US)",

series = "Proceedings - IEEE Computer Security Foundations Symposium",

publisher = "IEEE Computer Society",

pages = "53--67",

booktitle = "Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017",

address = "United States",

note = "30th IEEE Computer Security Foundations Symposium, CSF 2017 ; Conference date: 21-08-2017 Through 25-08-2017",

}

Li, P & Zhang, D 2017, Towards a Flow- and Path-Sensitive Information Flow Analysis. in Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017., 8049651, Proceedings - IEEE Computer Security Foundations Symposium, IEEE Computer Society, pp. 53-67, 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, United States, 8/21/17. https://doi.org/10.1109/CSF.2017.17

TY - GEN

T1 - Towards a Flow- and Path-Sensitive Information Flow Analysis

AU - Li, Peixuan

AU - Zhang, Danfeng

PY - 2017/9/25

Y1 - 2017/9/25

N2 - This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an information flow analysis with fixed labels can be both flow- and path-sensitive. The novel analysis has two major components: 1) a general-purpose program transformation that removes false dataflow dependencies in a program that confuse a fixed-label type system, and 2) a fixed-label type system that allows security types to depend on path conditions. We formally prove that the proposed analysis enforces a rigorous security property: noninterference. Moreover, we show that the analysis is strictly more precise than a classic flow-sensitive type system, and it allows sound control of information flow in the presence of mutable variables without resorting to run-time mechanisms.

AB - This paper investigates a flow- and path-sensitive static information flow analysis. Compared with security type systems with fixed labels, it has been shown that flow-sensitive type systems accept more secure programs. We show that an information flow analysis with fixed labels can be both flow- and path-sensitive. The novel analysis has two major components: 1) a general-purpose program transformation that removes false dataflow dependencies in a program that confuse a fixed-label type system, and 2) a fixed-label type system that allows security types to depend on path conditions. We formally prove that the proposed analysis enforces a rigorous security property: noninterference. Moreover, we show that the analysis is strictly more precise than a classic flow-sensitive type system, and it allows sound control of information flow in the presence of mutable variables without resorting to run-time mechanisms.

UR - http://www.scopus.com/inward/record.url?scp=85033787647&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85033787647&partnerID=8YFLogxK

U2 - 10.1109/CSF.2017.17

DO - 10.1109/CSF.2017.17

M3 - Conference contribution

AN - SCOPUS:85033787647

T3 - Proceedings - IEEE Computer Security Foundations Symposium

SP - 53

EP - 67

BT - Proceedings - IEEE 30th Computer Security Foundations Symposium, CSF 2017

PB - IEEE Computer Society

T2 - 30th IEEE Computer Security Foundations Symposium, CSF 2017

Y2 - 21 August 2017 through 25 August 2017

ER -