Skip to main content
Article thumbnail
Location of Repository

Modular Reasoning about . . .

By Sruthi Bandhakavi


Information flow analysis is a static analysis that is used to ensure that a classic security policy – confidentiality – is satisfied by a program. Confidentiality is an end-to-end policy: given a program with different levels of inputs, some sensitive (High) and some public (Low), where Low, High are levels in a security lattice Low ≤ High, the policy states that no information about High inputs should flow to (i.e., be leaked to) Low outputs. Confidentiality can be ensured by checking for the indistinguishability property: “No information is leaked, if two runs of a program are indistinguishable on Low variables”. There can be different ways of information flow: direct flow due to the direct assignment of one variable to the other, indirect flow in which information flows via a control variable in a conditional or loop. Object oriented programs have some more flows due to pointer aliasing and dynamic dispatch. Also since the static analysis doesn’t keep track of the values of the data, some false information flows may be detected. This dissertation surveys existing information flow analyses and identifies the reasons for their imprecision. A modular, flow-sensitive, and context-sensitive Hoare-like logic is proposed to detect such information flows. There are two kind of assertions in the logic: region asser

Year: 2005
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.