• A sound dependency analysis fo...

Treffer: A sound dependency analysis for secure information flow (extended version)

Title:
A sound dependency analysis for secure information flow (extended version)
Authors:
Ghindici, Dorina, Simplot-Ryl, Isabelle, Talbot, Jean-Marc
Contributors:
System and Networking for Portable Objects Proved to be Safe (POPS), Laboratoire d'Informatique Fondamentale de Lille (LIFL), Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Université de Lille, Sciences et Technologies-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lille, Sciences Humaines et Sociales-Centre National de la Recherche Scientifique (CNRS)-Inria Lille - Nord Europe, Institut National de Recherche en Informatique et en Automatique (Inria), Laboratoire d'informatique Fondamentale de Marseille - UMR 6166 (LIF), Université de la Méditerranée - Aix-Marseille 2-Université de Provence - Aix-Marseille 1-Centre National de la Recherche Scientifique (CNRS), INRIA
Source:
https://inria.hal.science/inria-00185263 ; [Research Report] RT-0347, INRIA. 2007.
Publisher Information:
HAL CCSD
Publication Year:
2007
Collection:
Université de Lille 3 - Sciences Humaines et Sociales: HAL
Subject Terms:
Information flow, static analysis, Java bytecode, abstract interpretation, non-interference, [INFO.INFO-CL]Computer Science [cs]/Computation and Language [cs.CL]
Document Type:
Report report
Language:
English
Availability:
https://inria.hal.science/inria-00185263
https://inria.hal.science/inria-00185263v3/document
https://inria.hal.science/inria-00185263v3/file/RT-0347.pdf
Rights:
info:eu-repo/semantics/OpenAccess
Accession Number:
edsbas.74F283A0
Database:
BASE

Weitere Informationen

In this paper we present a flow-sensitive analysis for secure information flow for Java bytecode. Our approach consists in computing, at different program points, a dependency graph which tracks how input values of a method may influence its outputs. This computation subsumes a points-to analysis (reflecting how objects depend on each others) by addressing dependencies arising from data of primitive type and from the control flow of the program. Our graph construction is proved to be sound by establishing a non-interference theorem stating that an output value is unrelated with an input one in the dependency graph if the output remains unchanged when the input is modified. In contrast with many type-based information flow techniques, our approach does not require security levels to be known during the computation of the graph: security aspects of information flow are checked by labeling "a posteriori" the dependency graph with security levels.