
    Information Flow is Linear Refinement of Constancy

    Detecting information flows inside a program is useful to check non-interference of program variables, an important aspect of software security. Information flows have been computed in the past by using abstract interpretation over an abstract domain IF which expresses sets of flows. In this paper we reconstruct IF as the linear refinement C->C of a basic domain C expressing constancy of program variables. This is important since we also show that C->C, and hence IF, is closed with respect to linear refinement, and is hence optimal and condensing. Then a compositional, input-independent static analysis over IF has the same precision as a non-compositional, input-driven analysis. Moreover, we show that C->C has a natural representation in terms of Boolean formulas, efficiently implementable through binary decision diagrams.

    SAILS: static analysis of information leakage with Sample

    In this paper, we introduce Sails, a new tool that combines Sample, a generic static analyzer, and a sophisticated domain for leakage analysis. This tool does not require modifying the original language, since it works with mainstream languages like Java, and it does not require any manual annotation. Sails can combine the information leakage analysis with different heap abstractions, inferring information leakage over programs dealing with complex data structures. We applied Sails to the analysis of the SecuriBench-micro suite. The experimental results show the effectiveness of our approach.

    Optimality and Condensing of Information Flow through Linear Refinement

    Detecting information flows inside a program is useful to check non-interference or independence of program variables, an important aspect of software security. In this paper we present a new abstract domain C expressing constancy of program variables. We then apply Giacobazzi and Scozzari's linear refinement to build a domain C->C which contains all input/output dependences between the constancy of program variables. We show that C->C is optimal, in the sense that it cannot be further linearly refined, and condensing, in the sense that a compositional, input-independent static analysis over C->C has the same precision as a non-compositional, input-driven analysis. Moreover, we show that C->C has a natural representation in terms of Boolean formulas, which is important since it allows one to use the efficient binary decision diagrams in its implementation. We then prove that C->C coincides with Genaim, Giacobazzi and Mastroeni's IF domain for information flows and with Amtoft and Banerjee's Indep domain for independence. This lets us extend to IF and Indep the properties that we proved for C->C: optimality, condensing and representation in terms of Boolean formulas. As a secondary result, it lets us conclude that IF and Indep are actually the same abstract domain, although completely different static analyses have been based on them.
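    The two abstracts above (this one and "Information Flow is Linear Refinement of Constancy") describe analyses over the IF / Indep domain: the abstract state is the set of input/output dependences between variables, sequencing composes such relations, branches join them and loops take a fixpoint, so the program is analyzed once, independently of its input, and the resulting relation is then queried for any high/low classification (this is the "compositional, input-independent" analysis the abstract mentions). The following Python is an added example written for this page, not code from the papers or from their authors; the tiny AST, the sample program and the `h`/`l`/`n` input names are all constructed here, and it tracks only explicit and implicit (guard) flows, not termination channels.

```python
# Added example (not from the papers above): a compositional dependency analysis
# in the style of the IF / Indep domain.  The abstract state is a relation
# "variable -> set of input variables it may depend on"; the empty set means the
# variable is constant, i.e. independent of every input (the C domain).
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Union

Dep = Dict[str, FrozenSet[str]]  # absent key = identity (variable untouched so far)


@dataclass
class Assign:            # target := expression reading the variables in `uses`
    target: str
    uses: FrozenSet[str]


@dataclass
class If:                # if <guard reading cond_uses> then ... else ...
    cond_uses: FrozenSet[str]
    then: List["Stmt"]
    orelse: List["Stmt"]


@dataclass
class While:             # while <guard reading cond_uses> do body
    cond_uses: FrozenSet[str]
    body: List["Stmt"]


Stmt = Union[Assign, If, While]


def lookup(rel: Dep, v: str) -> FrozenSet[str]:
    """Dependences of v; an unassigned variable depends on its own input value."""
    return rel.get(v, frozenset({v}))


def seq(first: Dep, second: Dep) -> Dep:
    """Relation for `first; second`: trace second's dependences back through first."""
    out = dict(first)
    for v, deps in second.items():
        out[v] = frozenset().union(*(lookup(first, w) for w in deps))
    return out


def join(a: Dep, b: Dep) -> Dep:
    """Either path may run, so dependences accumulate (least upper bound)."""
    return {v: lookup(a, v) | lookup(b, v) for v in set(a) | set(b)}


def assigned(stmts: List[Stmt]) -> FrozenSet[str]:
    """Variables syntactically written inside stmts (targets of implicit flows)."""
    out = set()
    for s in stmts:
        if isinstance(s, Assign):
            out.add(s.target)
        elif isinstance(s, If):
            out |= assigned(s.then) | assigned(s.orelse)
        else:
            out |= assigned(s.body)
    return frozenset(out)


def analyze_block(stmts: List[Stmt]) -> Dep:
    rel: Dep = {}                                        # identity: nothing run yet
    for s in stmts:
        rel = seq(rel, analyze_stmt(s))
    return rel


def analyze_stmt(s: Stmt) -> Dep:
    if isinstance(s, Assign):
        return {s.target: s.uses}                        # explicit flow
    if isinstance(s, If):
        rel = join(analyze_block(s.then), analyze_block(s.orelse))
        for v in assigned(s.then) | assigned(s.orelse):  # implicit flow from the guard
            rel[v] = lookup(rel, v) | s.cond_uses
        return rel
    one = analyze_stmt(If(s.cond_uses, s.body, []))      # one guarded iteration
    rel: Dep = {}                                        # zero iterations
    while True:                                          # finite lattice: terminates
        nxt = join({}, seq(one, rel))
        if nxt == rel:
            return rel
        rel = nxt


def noninterference_violations(rel: Dep, high: FrozenSet[str], low_outputs) -> Dict[str, FrozenSet[str]]:
    """Low outputs that may depend on a high input (termination-insensitive check)."""
    return {v: lookup(rel, v) & high for v in low_outputs if lookup(rel, v) & high}


def constant_vars(rel: Dep, variables) -> FrozenSet[str]:
    """Variables whose final value depends on no input at all."""
    return frozenset(v for v in variables if not lookup(rel, v))


# Constructed sample program; h is the secret, l and n are public inputs.
H = frozenset({"h"})
PROGRAM: List[Stmt] = [
    If(H, [Assign("x", frozenset())], [Assign("x", frozenset())]),  # x := h > 0 ? 1 : 0
    Assign("l", frozenset({"l"})),                                  # l := l + 1
    Assign("y", frozenset()), Assign("i", frozenset()),             # y := 0; i := 0
    While(frozenset({"i", "n"}), [Assign("y", frozenset({"y", "l"})),  # while i < n:
                                  Assign("i", frozenset({"i"}))]),      #   y := y + l; i := i + 1
    Assign("z", frozenset()), Assign("w", frozenset({"z"})),        # z := 7; w := z + 1
    Assign("out", frozenset({"x", "y"})),                           # out := x + y
]


def flows() -> Dep:
    return analyze_block(PROGRAM)


def violations() -> Dict[str, FrozenSet[str]]:
    return noninterference_violations(flows(), H, ["l", "y", "w", "out"])


if __name__ == "__main__":
    for v, d in sorted(flows().items()):
        print(f"{v} <- {sorted(d)}")
    print("constant:", sorted(constant_vars(flows(), ["x", "l", "y", "i", "z", "w", "out"])))
    print("violations:", violations())
```

    Running it reports that `out` depends on `h` (through the implicit flow into `x`), that `w` and `z` are constant, and flags `out` as the only non-interference violation for secret `h`. Because the relation is computed once and then queried, reclassifying which inputs are high costs nothing; a loop whose guard reads `h` but whose body writes no low variable is not flagged, which is the termination-insensitivity caveat of this style of analysis.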

    Combining symbolic and numerical domains for information leakage analysis

    We introduce an abstract domain for information-flow analysis of software. The proposal combines variable dependency analysis with numerical abstractions, yielding accuracy and efficiency improvements. We apply the full power of the proposal to the case of database query languages as well. Finally, we present an implementation of the analysis, called Sails, as an instance of a generic static analyzer. Keeping the modular construction of the analysis, the tool allows one to tune the granularity of heap analysis and to choose the numerical domain involved in the reduced product. This way the user can tune the information leakage analysis at different levels of precision and efficiency.

    Performance-aware component composition for GPU-based systems
