
    Hybrid Information Flow Analysis for Programs with Arrays

    Information flow analysis checks whether certain pieces of (confidential) data may affect the results of computations in unwanted ways and thus leak information. Dynamic information flow analysis adds instrumentation code to the target software to track flows at run time and raise alarms if a flow policy is violated; hybrid analyses combine this with preliminary static analysis. Using a subset of C as the target language, we extend previous work on hybrid information flow analysis that handled pointers to scalars. Our extended formulation handles arrays, pointers to array elements, and pointer arithmetic. Information flow through arrays of pointers is tracked precisely while arrays of non-pointer types are summarized efficiently. A prototype of our approach is implemented using the Frama-C program analysis and transformation framework. Work on a full machine-checked proof of the correctness of our approach using Isabelle/HOL is well underway; we present the existing parts and sketch the rest of the correctness argument.

    Comment: In Proceedings VPT 2016, arXiv:1607.0183

    Program Transformation for Non-interference Verification on Programs with Pointers

    Part 4: Software Security

    Novel approaches for dynamic information flow monitoring are promising since they enable permissive (accepting a large subset of executions) yet sound (rejecting all insecure executions) enforcement of non-interference. In this paper, we present a dynamic information flow monitor for a language supporting pointers. Our flow-sensitive monitor relies on prior static analysis in order to soundly enforce non-interference. We also propose a program transformation that preserves the behavior of initial programs and soundly inlines our security monitor. This program transformation enables both dynamic and static verification of non-interference.

    Enforcing information-flow policies by combining static and dynamic analyses

    Honour roll of the Faculté des études supérieures et postdoctorales, 2018-2019

    Information-flow control is a promising approach that lets users control how an application uses their confidential information. Several challenges remain, however, before this approach can be used by the general public. Specifically, it must be effective, easy to use, introduce little runtime overhead, and work on real applications and languages. The contributions presented in this thesis bring us closer to these goals. We show that a combination of static and dynamic analysis increases the effectiveness of an information-flow control mechanism while minimizing the overhead it introduces. Our method consists of three steps: (1) using static analysis, verify that the program contains no obvious information leaks; (2) instrument the application (i.e., insert commands) to prevent leaks of confidential information at runtime; (3) partially evaluate the program to reduce the impact of the instrumentation on execution time. To help users identify the applications most likely to leak confidential information (i.e., malicious applications), we developed a malware detection tool for Android. It has an accuracy of 94% and takes less than a second to perform its analysis. To let users prioritize the use of resources to protect information coming from certain sources, we introduce the concept of fading labels. To let researchers develop reliable information-flow control mechanisms more easily and quickly, we developed a tool that automatically generates the specification of a mechanism from the specification of a programming language. To let researchers communicate their proofs written in Coq more easily, we developed a tool that generates natural-language versions of Coq proofs.

    Information-flow control is a promising approach that enables users to track and control how applications use their sensitive information. However, there are still many challenges to be addressed before it can be used by mainstream users. Namely, it needs to be effective, easy to use, lightweight, and support real applications and languages. The contributions presented in this thesis aim to bring us closer to these goals. We show that a combination of static and dynamic analysis can increase the overall effectiveness of information-flow control without introducing too much overhead. Our method consists of three steps: (1) using static analysis, we verify that the program does not contain any obvious information leaks; (2) we instrument the program to prevent less obvious leaks from occurring at runtime; (3) we partially evaluate the program to minimize the instrumentation's impact on execution time. We present a static-based malware detection tool for Android that allows users to easily identify the applications that are most likely to leak sensitive information (i.e., malicious applications). It boasts an accuracy of 94% and takes less than a second to perform its analysis. We introduce the concept of fading-labels, which allows information-flow control mechanisms to prioritize the usage of resources to track information from certain sources. We present a tool that can, given a programming language's specification, generate information-flow control mechanism specifications. This should allow researchers to more easily develop information-flow control mechanisms. Finally, we present a tool that can generate natural-language versions of Coq proofs so that researchers may more easily communicate their Coq proofs.