TY - GEN
T1 - Provably correct runtime enforcement of non-interference properties
AU - Venkatakrishnan, V. N.
AU - Xu, Wei
AU - DuVarney, Daniel C.
AU - Sekar, R.
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2006.
PY - 2006
Y1 - 2006
N2 - Non-interference has become the standard criterion for ensuring confidentiality of sensitive data in the information flow literature. However, application of non-interference to practical software systems has been limited. This is partly due to the imprecision that is inherent in static analyses that have formed the basis of previous non-interference based techniques. Runtime approaches can be significantly more accurate than static analysis, and have often been more successful in practice. However, they can only reason about explicit information flows that take place via assignments in a program. Implicit flows that take place without involving assignments, and can be inferred from the structure and/or semantics of the program, are missed by runtime techniques. This paper seeks to bridge the gap between the accuracy provided by runtime techniques and the completeness provided by static analysis techniques. In particular, we develop a hybrid technique that relies primarily on runtime information-flow tracking, but augments it with static analysis to reason about implicit flows that arise due to unexecuted paths in a program. We prove that the resulting technique preserves non-interference, while providing some of the traditional benefits of dynamic analysis such as improved accuracy.
AB - Non-interference has become the standard criterion for ensuring confidentiality of sensitive data in the information flow literature. However, application of non-interference to practical software systems has been limited. This is partly due to the imprecision that is inherent in static analyses that have formed the basis of previous non-interference based techniques. Runtime approaches can be significantly more accurate than static analysis, and have often been more successful in practice. However, they can only reason about explicit information flows that take place via assignments in a program. Implicit flows that take place without involving assignments, and can be inferred from the structure and/or semantics of the program, are missed by runtime techniques. This paper seeks to bridge the gap between the accuracy provided by runtime techniques and the completeness provided by static analysis techniques. In particular, we develop a hybrid technique that relies primarily on runtime information-flow tracking, but augments it with static analysis to reason about implicit flows that arise due to unexecuted paths in a program. We prove that the resulting technique preserves non-interference, while providing some of the traditional benefits of dynamic analysis such as improved accuracy.
UR - https://www.scopus.com/pages/publications/85008603199
U2 - 10.1007/11935308_24
DO - 10.1007/11935308_24
M3 - Conference contribution
AN - SCOPUS:85008603199
SN - 9783540494966
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 332
EP - 351
BT - Information and Communications Security - 8th International Conference, ICICS 2006, Proceedings
A2 - Ning, Peng
A2 - Qing, Sihan
A2 - Li, Ninghui
PB - Springer Verlag
T2 - 8th International Conference on Information and Communications Security, ICICS 2006
Y2 - 4 December 2006 through 7 December 2006
ER -