
Implicit Flows: Can’t Live with ‘Em, Can’t Live without ‘Em

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5352)

Abstract

Verifying that programs trusted to enforce security actually do so is a practical concern for programmers and administrators. However, there is a disconnect between the kinds of tools that have been successfully applied to real software systems (such as taint mode in Perl and Ruby), and information-flow compilers that enforce a variant of the stronger security property of noninterference. Tools that have been successfully used to find security violations have focused on explicit flows of information, where high-security information is directly leaked to output. Analysis tools that enforce noninterference also prevent implicit flows of information, where high-security information can be inferred from a program’s flow of control. However, these tools have seen little use in practice, despite the stronger guarantees that they provide.

To better understand why, this paper experimentally investigates the explicit and implicit flows identified by the standard algorithm for establishing noninterference. When applied to implementations of authentication and cryptographic functions, the standard algorithm discovers many real implicit flows of information, but also reports an extremely high number of false alarms, most of which are due to conservative handling of unchecked exceptions (e.g., null pointer exceptions). After a careful analysis of all sources of true and false alarms, due to both implicit and explicit flows, the paper concludes with some ideas to improve the false alarm rate, toward making stronger security analysis more practical.
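The distinction the abstract draws, as an added illustration that is not part of the paper: a toy static checker over a two-level lattice (L below H) that tracks a pc label through branches on secret data and, conservatively, through expressions that may throw an unchecked exception, which is the standard treatment the abstract blames for most false alarms. The toy language, its tuple encoding, the `nonnull` assumption set and the two constructed sample programs are assumptions of this example; none of it is the paper's analysis tool or its authentication and cryptographic benchmark code.

```python
"""Toy information-flow checker (pc-label tracking) for a two-level lattice.
Added example: the language, its tuple encoding, the `nonnull` set and the
sample programs are constructed here, not taken from the paper."""

H, L = "H", "L"


def join(a, b):
    """Least upper bound in the two-point lattice L < H."""
    return H if H in (a, b) else L


def label_of(expr, env):
    """Security label of an expression: the join of the labels it reads."""
    kind = expr[0]
    if kind == "const":
        return L
    if kind == "var":
        return env[expr[1]]
    if kind == "binop":                      # ("binop", e1, e2)
        return join(label_of(expr[1], env), label_of(expr[2], env))
    if kind == "field":                      # ("field", ref): dereference of ref
        return label_of(expr[1], env)
    raise ValueError(f"unknown expression {kind}")


def throw_label(expr, env, nonnull):
    """Join of the labels of references whose nullness decides whether
    evaluating expr throws (a null-pointer exception); L if it cannot throw.
    Names in `nonnull` are assumed never null (an assumption this checker
    cannot verify on its own)."""
    kind = expr[0]
    if kind == "field":
        ref = expr[1]
        inner = throw_label(ref, env, nonnull)
        if ref[0] == "var" and ref[1] in nonnull:
            return inner
        return join(label_of(ref, env), inner)
    if kind == "binop":
        return join(throw_label(expr[1], env, nonnull),
                    throw_label(expr[2], env, nonnull))
    return L


def check(stmts, env, nonnull=frozenset(), pc_ctrl=L, pc_exc=L, alarms=None):
    """pc_ctrl is raised by high branch conditions; pc_exc by high expressions
    that may throw.  After such an expression, whether any later statement runs
    depends on the secret, so later public outputs are flagged.  Returns
    (alarms, pc_exc); env is updated in place."""
    alarms = [] if alarms is None else alarms
    for stmt in stmts:
        op = stmt[0]
        pc = join(pc_ctrl, pc_exc)
        if op == "assign":                   # ("assign", x, e)
            _, x, e = stmt
            env[x] = join(label_of(e, env), pc)
            pc_exc = join(pc_exc, throw_label(e, env, nonnull))
        elif op == "output":                 # ("output", e): publicly observable sink
            e = stmt[1]
            if label_of(e, env) == H:
                alarms.append(("explicit", stmt))
            elif pc_ctrl == H:
                alarms.append(("implicit/control", stmt))
            elif pc_exc == H:
                alarms.append(("implicit/exception", stmt))
            pc_exc = join(pc_exc, throw_label(e, env, nonnull))
        elif op == "if":                     # ("if", cond, then_block, else_block)
            _, cond, then_b, else_b = stmt
            pc_exc = join(pc_exc, throw_label(cond, env, nonnull))
            branch_pc = join(pc_ctrl, label_of(cond, env))
            env_t, env_e = dict(env), dict(env)
            _, exc_t = check(then_b, env_t, nonnull, branch_pc, pc_exc, alarms)
            _, exc_e = check(else_b, env_e, nonnull, branch_pc, pc_exc, alarms)
            for v in set(env_t) | set(env_e):    # merge the two branch states
                env[v] = join(env_t.get(v, L), env_e.get(v, L))
            pc_exc = join(exc_t, exc_e)
        else:
            raise ValueError(f"unknown statement {op}")
    return alarms, pc_exc


def analyse(program, env, nonnull=frozenset()):
    """Run the checker on a copy of env; return the alarm kinds in program order."""
    alarms, _ = check(program, dict(env), frozenset(nonnull))
    return [kind for kind, _ in alarms]


# Constructed sample 1: a password check.  'password' is H, 'guess' is L.  No
# secret is output directly, but the branch leaks one bit per run: a real
# implicit flow, the kind the abstract says authentication code contains.
AUTH = [
    ("assign", "ok", ("binop", ("var", "guess"), ("var", "password"))),
    ("if", ("var", "ok"),
     [("output", ("const", "login ok"))],
     [("output", ("const", "login failed"))]),
]

# Constructed sample 2: dereference a secret-labelled record, then emit a public
# audit line.  If 'record' might be null the output may be skipped, so the
# conservative rule flags it; when the programmer knows it is non-null this is
# the false-alarm pattern the abstract attributes to unchecked exceptions.
AUDIT = [
    ("assign", "n", ("field", ("var", "record"))),
    ("output", ("const", "audit: request handled")),
]

if __name__ == "__main__":
    print(analyse(AUTH, {"guess": L, "password": H}))
    print(analyse(AUDIT, {"record": H}))
    print(analyse(AUDIT, {"record": H}, nonnull={"record"}))
```

Run stand-alone, the three calls give two `implicit/control` alarms for the password check, one `implicit/exception` alarm for the audit program, and no alarm once `record` is declared non-null. The alarm kind names the step at which the secret dependence reached the sink: an assignment under a high pc raises the assigned variable's label, so an implicit flow that later reaches a sink through that variable is reported there as an explicit one.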

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

King, D., Hicks, B., Hicks, M., Jaeger, T. (2008). Implicit Flows: Can’t Live with ‘Em, Can’t Live without ‘Em. In: Sekar, R., Pujari, A.K. (eds) Information Systems Security. ICISS 2008. Lecture Notes in Computer Science, vol 5352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89862-7_4

  • DOI: https://doi.org/10.1007/978-3-540-89862-7_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89861-0

  • Online ISBN: 978-3-540-89862-7