Slicing for Security of Code

  • Benjamin Monate
  • Julien Signoles
Conference paper

DOI: 10.1007/978-3-540-68979-9_10

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)
Cite this paper as:
Monate B., Signoles J. (2008) Slicing for Security of Code. In: Lipp P., Sadeghi AR., Koch KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg

Abstract

Bugs in programs implementing security features can be catastrophic: for example they may be exploited by malign users to gain access to sensitive data. These exploits break the confidentiality of information. All security analyses assume that softwares implementing security features correctly implement the security policy, i.e. are security bug-free. This assumption is almost always wrong and IT security administrators consider that any software that has no security patches on a regular basis should be replaced as soon as possible. As programs implementing security features are usually large, manual auditing is very error prone and testing techniques are very expensive. This article proposes to reduce the code that has to be audited by applying a program reduction technique called slicing. Slicing transforms a source code into an equivalent one according to a set of criteria. We show that existing slicing criteria do not preserve the confidentiality of information. We introduce a new automatic and correct source-to-source method properly preserving the confidentiality of information i.e. confidentiality is guaranteed to be exactly the same in the original program and in the sliced program.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Benjamin Monate
    • 1
  • Julien Signoles
    • 1
  1. 1.Software Reliability LabsCEA LISTGif-sur-Yvette CedexFrance

Personalised recommendations