Using Dynamic Pushdown Networks to Automate a Modular Information-Flow Analysis
In this article, we propose a static information-flow analysis for multi-threaded programs that communicate through shared memory and synchronize via locks. In contrast to many prior analyses, ours not only prevents information leaks caused by synchronization but also exploits synchronization to gain precision. The analysis is a novel combination of type systems and a reachability analysis based on dynamic pushdown networks. The security type system supports flow-sensitive tracking of security levels for shared variables in the analysis of one thread by exploiting assumptions about variable accesses by other threads. The reachability analysis based on dynamic pushdown networks verifies that these assumptions are sound, using the result of an automatic guarantee inference. The combined analysis is the first automatic static analysis that supports flow-sensitive tracking of security levels while being sound with respect to termination-sensitive noninterference.
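The mechanism the abstract describes, reduced to a runnable sketch (an added illustration; this is not the authors' analysis or tool): one thread is typed flow-sensitively, so a shared variable that was overwritten with low data is low again, but only while an assumption about the other threads' writes holds; the assumption is checked against guarantees inferred from the other threads. Assumed simplifications: straight-line threads without branches or loops (so no implicit flows and no termination channel), a two-point lattice, and a syntactic lock-set comparison in place of the paper's dynamic-pushdown-network reachability check. The statement syntax, the variable names and the two threads are constructed for the example.

```python
LOW, HIGH = "low", "high"


def join(*levels):
    """Least upper bound in the two-point lattice LOW < HIGH ( join() is LOW )."""
    return HIGH if HIGH in levels else LOW


# Constructed toy syntax for straight-line threads:
#   ("assign", target, [sources])  target := f(sources); [] means a constant
#   ("lock", l) / ("unlock", l)
#   ("out", [sources])             output to a low observer


def infer_guarantees(threads):
    """Guarantee of each thread: for every write, the set of locks held at it."""
    writes = {}  # var -> [(thread_id, frozenset(locks_held)), ...]
    for tid, prog in enumerate(threads):
        held = set()
        for stmt in prog:
            if stmt[0] == "lock":
                held.add(stmt[1])
            elif stmt[0] == "unlock":
                held.discard(stmt[1])
            elif stmt[0] == "assign":
                writes.setdefault(stmt[1], []).append((tid, frozenset(held)))
    return writes


def protected(var, tid, held, writes):
    """Assumption 'no other thread writes var while I hold my locks'. It follows
    from the guarantees if every write to var by another thread is performed
    under at least one lock this thread currently holds (mutual exclusion)."""
    others = [locks for t, locks in writes.get(var, []) if t != tid]
    return all(held & locks for locks in others)


def read_level(var, tid, held, env, glob, writes):
    """A variable is read at the precise local level only if it is protected;
    otherwise the conservative global level is used."""
    return env[var] if protected(var, tid, held, writes) else glob[var]


def check(threads, initial):
    """Type-check all threads; 'initial' must list every shared variable.
    Returns (leaks, global_levels); a leak is (thread_id, pc) of an output
    that may depend on HIGH data. The global level of a variable is the join
    of everything any thread may store in it, computed as a fixed point."""
    writes = infer_guarantees(threads)
    glob = dict(initial)
    while True:
        new_glob, leaks = dict(glob), []
        for tid, prog in enumerate(threads):
            env, held = dict(glob), set()  # env: this thread's flow-sensitive view
            for pc, stmt in enumerate(prog):
                if stmt[0] in ("lock", "unlock"):
                    (held.add if stmt[0] == "lock" else held.discard)(stmt[1])
                    env = dict(glob)  # other threads may have written meanwhile
                elif stmt[0] == "assign":
                    lvl = join(*(read_level(v, tid, held, env, glob, writes) for v in stmt[2]))
                    env[stmt[1]] = lvl
                    new_glob[stmt[1]] = join(new_glob.get(stmt[1], LOW), lvl)
                elif stmt[0] == "out":
                    if join(*(read_level(v, tid, held, env, glob, writes) for v in stmt[1])) == HIGH:
                        leaks.append((tid, pc))
        if new_glob == glob:
            return leaks, glob
        glob = new_glob


INITIAL = {"secret": HIGH, "x": LOW}  # constructed: all shared variables and their initial levels

THREADS = [
    [  # thread 0: the thread whose outputs are checked
        ("lock", "m"),                # pc 0
        ("assign", "x", ["secret"]),  # pc 1  x := secret   (x becomes HIGH)
        ("assign", "x", []),          # pc 2  x := 0        (flow-sensitive: LOW again)
        ("out", ["x"]),               # pc 3  accepted: thread 1 writes x only under m
        ("unlock", "m"),              # pc 4
        ("assign", "x", []),          # pc 5  x := 0
        ("out", ["x"]),               # pc 6  rejected: thread 1 may overwrite x first
    ],
    [  # thread 1: stores the secret into x, but only while holding m
        ("lock", "m"),
        ("assign", "x", ["secret"]),
        ("unlock", "m"),
    ],
]

if __name__ == "__main__":
    leaks, levels = check(THREADS, INITIAL)
    print("global levels:", levels)            # x is HIGH globally
    print("leaking outputs (thread, pc):", leaks)  # [(0, 6)]
```

The output at pc 3 is accepted only because thread 1's guarantee (it writes `x` solely under `m`) discharges thread 0's assumption; replacing thread 1 with an unsynchronized `x := secret` makes the same output a leak, which is the flow-sensitive gain from synchronization that the abstract refers to.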
Keywords: Information-flow security, Concurrency, Static analysis
This work was funded by the DFG under the projects RSCP (MA 3326/4-1/2/3) and IFC4MC (MU 1508/2-1/2/3) in the priority program RS³ (SPP 1496) and under project OpIAT (MU 1508/1-1/2).