Secure slices of insecure programs

Author: Salvador Cavadini

DOI: 10.1145/1368310.1368329

Abstract: This paper deals with the problem of protect confidentiality data manipulated by sequential programs. In this context, secure information flow refers to guarantee that program executions are free non authorized flows secret into public channels. There two established means enforce policies: static analyses, performed at compile time and all unauthorized flows; runtime monitoring, dynamically detects neutralizes invalid for current run. Both approaches have their advantages disadvantages. The main disadvantages control (IFC) is, it does not differentiate between insecure same program, therefore whole programs rejected in presence possible flows. On contrary, dynamic IFC rejects only. analysis precision comes price execution overload imposes tracking flow. This work presents slicing, a technique statically transforms probably (interfering) (non-interfering) ones. Our approach combines transformation: if detected, instead rejecting we transform eliminate way, alleviate drawbacks approaches: neither reject full nor impose run-time overhead. resulting can be seen as slice source executed without risk leaks. In also show slices computed intentionally release information, applied real programming languages such Java.
