Static Analysis for Efficient Hybrid Information-Flow Control

Hybrid information-flow monitors use a combination of static analysis and dynamic mechanisms to provide precise strong information security guarantees. However, unlike purely static mechanisms for information security, hybrid information-flow monitors incur run-time overhead. We show how static analyses can be used to make hybrid information-flow monitors more efficient, in two ways. First, a simple static analysis can determine when it is sound for a monitor to stop tracking the security level of certain variables. This potentially reduces run-time overhead of the monitor, particularly in applications where sensitive (i.e., confidential or untrusted) data is infrequently introduced to the system. Second, we derive sufficient conditions for soundly incorporating a wide range of memory abstractions into information-flow monitors. This allows the selection of a memory abstraction that gives an appropriate tradeoff between efficiency and precision. It also facilitates the development of innovative and sound memory abstractions that use run-time security information maintained by the monitor. We present and prove our results by extending the information-flow monitor of Russo and Sabelfeld (2010). These results bring us closer to efficient, sound, and precise enforcement of information security.Engineering and Applied Science

Heap Abstractions for Static Analysis

Heap data is potentially unbounded and seemingly arbitrary. As a consequence, unlike stack and static memory, heap memory cannot be abstracted directly in terms of a fixed set of source variable names appearing in the program being analysed. This makes it an interesting topic of study and there is an abundance of literature employing heap abstractions. Although most studies have addressed similar concerns, their formulations and formalisms often seem dissimilar and some times even unrelated. Thus, the insights gained in one description of heap abstraction may not directly carry over to some other description. This survey is a result of our quest for a unifying theme in the existing descriptions of heap abstractions. In particular, our interest lies in the abstractions and not in the algorithms that construct them. In our search of a unified theme, we view a heap abstraction as consisting of two features: a heap model to represent the heap memory and a summarization technique for bounding the heap representation. We classify the models as storeless, store based, and hybrid. We describe various summarization techniques based on k-limiting, allocation sites, patterns, variables, other generic instrumentation predicates, and higher-order logics. This approach allows us to compare the insights of a large number of seemingly dissimilar heap abstractions and also paves way for creating new abstractions by mix-and-match of models and summarization techniques.Comment: 49 pages, 20 figure

Construction and analysis of causally dynamic hybrid bond graphs

Engineering systems are frequently abstracted to models with discontinuous behaviour (such as a switch or contact), and a hybrid model is one which contains continuous and discontinuous behaviours. Bond graphs are an established physical modelling method, but there are several methods for constructing switched or ‘hybrid’ bond graphs, developed for either qualitative ‘structural’ analysis or efficient numerical simulation of engineering systems. This article proposes a general hybrid bond graph suitable for both. The controlled junction is adopted as an intuitive way of modelling a discontinuity in the model structure. This element gives rise to ‘dynamic causality’ that is facilitated by a new bond graph notation. From this model, the junction structure and state equations are derived and compared to those obtained by existing methods. The proposed model includes all possible modes of operation and can be represented by a single set of equations. The controlled junctions manifest as Boolean variables in the matrices of coefficients. The method is more compact and intuitive than existing methods and dispenses with the need to derive various modes of operation from a given reference representation. Hence, a method has been developed, which can reach common usage and form a platform for further study