
    SAILS: static analysis of information leakage with Sample

    ABSTRACT In this paper, we introduce Sails, a new tool that combines Sample, a generic static analyzer, and a sophisticated domain for leakage analysis. This tool does not require modifying the original language, since it works with mainstream languages like Java, and it does not require any manual annotation. Sails can combine the information leakage analysis with different heap abstractions, inferring information leakage over programs dealing with complex data structures. We applied Sails to the analysis of the SecuriBench-micro suite. The experimental results show the effectiveness of our approach.

    Combining symbolic and numerical domains for information leakage analysis

    We introduce an abstract domain for information-flow analysis of software. The proposal combines variable dependency analysis with numerical abstractions, yielding accuracy and efficiency improvements. We apply the full power of the proposal to the case of database query languages as well. Finally, we present an implementation of the analysis, called Sails, as an instance of a generic static analyzer. Keeping the modular construction of the analysis, the tool allows one to tune the granularity of heap analysis and to choose the numerical domain involved in the reduced product. This way the user can tune the information leakage analysis to different levels of precision and efficiency.

    SAILS: Static Analysis of Information Leakage with Sample

    Language-based information flow security has been studied at length over the last decades. Proving that a program enforces noninterference has been the goal of several static analyses. Nevertheless, despite this deep and extensive work, its practical applications have been relatively limited. Usually these approaches work on an ad-hoc programming language, and they do not support mainstream languages. This means that one would have to completely rewrite a program in order to apply them to existing code. In this paper, we introduce Sails, a new tool that combines Sample, a generic static analyzer, and an existing information leakage analysis. This tool does not require modifying the original language, since it works with mainstream languages like Java, and it does not require any manual annotation. Sails can combine the information leakage analysis with different heap abstractions, inferring information leakage over programs dealing with complex data structures. We applied Sails to the analysis of the SecuriBench-micro suite. The experimental results show the effectiveness of our approach.

    openlaws.eu: User Experience Design

    This document describes the overall approach towards user experience for the openlaws platform. It focuses on both of its main user groups, namely end-users as well as developers from the legal informatics community. After a review of existing legal platforms as well as some analytics and research platforms, the mock-ups for the openlaws portal are presented, together with their first prototypical realization. In addition, the authors report briefly on the two major community events for user experience input, the Openlaws Code Camp and the Openlaws Open Source Software Workshop.

    Widening and Narrowing Operators for Abstract Interpretation

    Abstract Interpretation, one of the most widely applied techniques for semantics-based static analysis of software, rests on two key concepts: the correspondence between concrete and abstract semantics through Galois connections/insertions, and the feasibility of a fixed point computation of the abstract semantics, through the fast convergence of widening operators. The latter point is crucial to ensure the scalability of the analysis to large software systems. The aim of this paper is to set the ground for a systematic design of widening and narrowing operators, by comparing the different definitions introduced in the literature and by discussing how to tune them in the case of domain abstraction and of the combination of domains through Cartesian and reduced products.
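    As an added illustration of the two techniques these abstracts describe (a reduced product of a variable-dependency domain with a numerical interval domain for leakage analysis, and widening/narrowing to make a loop's fixpoint computation converge), the toy abstract interpreter below is example code written for this page; it is not code from Sails, Sample or the papers. It assumes a hypothetical language with integer variables, one secret input `h`, an `if h > 0` program with constant assignments in both branches, and a counting loop; all names and the two analysed programs are constructed for the example.

```python
import math
from dataclasses import dataclass

INF = math.inf


@dataclass(frozen=True)
class Val:
    """Abstract value of one variable: an interval [lo, hi] (possibly unbounded)
    paired with the set of secret inputs the value may depend on."""
    lo: float
    hi: float
    deps: frozenset

    def is_const(self) -> bool:
        return self.lo == self.hi and math.isfinite(self.lo)


def const(c: int) -> Val:
    return Val(c, c, frozenset())


def secret(name: str) -> Val:
    """A secret input: unknown value, and every use of it depends on `name`."""
    return Val(-INF, INF, frozenset({name}))


def add(a: Val, b: Val) -> Val:
    return Val(a.lo + b.lo, a.hi + b.hi, a.deps | b.deps)


def join(a: Val, b: Val) -> Val:
    """Least upper bound in both components: interval hull, union of deps."""
    return Val(min(a.lo, b.lo), max(a.hi, b.hi), a.deps | b.deps)


def widen(old: Val, new: Val) -> Val:
    """Classic interval widening: a bound that moved outward jumps to infinity, so the
    ascending chain stabilises in a few steps. The dependency component is a finite
    powerset lattice and needs no widening; plain union suffices."""
    lo = old.lo if new.lo >= old.lo else -INF
    hi = old.hi if new.hi <= old.hi else INF
    return Val(lo, hi, old.deps | new.deps)


def narrow(old: Val, new: Val) -> Val:
    """Classic interval narrowing: only a bound that was widened to infinity is refined."""
    lo = new.lo if old.lo == -INF else old.lo
    hi = new.hi if old.hi == INF else old.hi
    return Val(lo, hi, old.deps | new.deps)


def assume_lt(v: Val, c: int) -> Val:
    """Refine v under the guard `v < c`."""
    return Val(v.lo, min(v.hi, c - 1), v.deps)


def assume_ge(v: Val, c: int) -> Val:
    """Refine v under the guard `v >= c`."""
    return Val(max(v.lo, c), v.hi, v.deps)


def observe(v: Val) -> Val:
    """Reduction of the product at a public output: a value the numerical component
    proves constant over all executions reaching the output cannot vary with any
    secret, so its dependency set is emptied. Applied only here on purpose: inside one
    branch of `if h > 0` the value is constant too, but that constant still encodes
    which branch ran until the branches join, so reducing there would hide the leak."""
    return Val(v.lo, v.hi, frozenset()) if v.is_const() else v


def leak_via_branch(then_value: int, else_value: int) -> Val:
    """Analyse:  if h > 0: x = then_value  else: x = else_value ;  output x
    Both assignments sit under a guard on the secret h, so each picks up h as an
    implicit (control) dependency; the reduction decides whether it survives."""
    h = secret("h")
    x_then = Val(then_value, then_value, h.deps)
    x_else = Val(else_value, else_value, h.deps)
    return observe(join(x_then, x_else))


def count_loop(bound: int = 10, use_widening: bool = True):
    """Analyse:  i = 0 ; while i < bound: i = i + 1 ;  output i
    Returns (loop-head value, value after the loop, number of fixpoint steps)."""
    entry = const(0)
    head = entry
    steps = 0
    while True:                                   # ascending phase
        steps += 1
        nxt = join(entry, add(assume_lt(head, bound), const(1)))
        nxt = widen(head, nxt) if use_widening else nxt
        if nxt == head:
            break
        head = nxt
    if use_widening:                              # descending phase
        while True:
            steps += 1
            nxt = narrow(head, join(entry, add(assume_lt(head, bound), const(1))))
            if nxt == head:
                break
            head = nxt
    return head, observe(assume_ge(head, bound)), steps


if __name__ == "__main__":
    print(leak_via_branch(5, 5))   # [5,5], deps empty: no leak despite the secret guard
    print(leak_via_branch(5, 6))   # [5,6], deps {'h'}: implicit flow reported
    print(count_loop(10, True))    # head [0,10], output [10,10], 4 steps
    print(count_loop(10, False))   # same invariant, 11 steps (one per loop iteration)
```

    The dependency domain alone flags both `if h > 0` programs, because `x` is assigned under a secret guard either way; the interval component removes the false positive where both branches assign the same constant, which is the kind of precision gain the reduced product buys. On the loop, widening reaches `[0, +inf]` in two steps and narrowing recovers `[0, 10]` in two more, whereas plain iteration needs one step per concrete loop round and would never terminate on an unbounded loop; that is the convergence argument the widening abstract refers to.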