Information Flow Analysis for Go

  • Eric Bodden
  • Ka I. Pun
  • Martin Steffen
  • Volker StolzEmail author
  • Anna-Katharina Wickert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9952)


We present the current state of the art of information flow analyses for Go applications. Based on our findings, we discuss future directions of where static analysis information can be used at runtime to for example achieve higher precision, or optimise runtime checks. We focus specifically on outstanding language features such as closures and message-based communication via channels.


Function Call Tainted Data Imperative Language Taint Analysis Malicious Application 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Andrews, G.R., Reitman, R.P.: An axiomatic approach to information flow in programs. ACM Trans. Program. Lang. Syst. 2(1), 56–76 (1980)CrossRefzbMATHGoogle Scholar
  2. 2.
    Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Androidapps. In: ACM SIGPLAN Conference on Programming Language Design and Implementation (2014)Google Scholar
  3. 3.
    Coffman Jr., E.G., Elphick, M., Shoshani, A.: System deadlocks. Comput. Surv. 3(2), 67–78 (1971)CrossRefzbMATHGoogle Scholar
  4. 4.
    Cytron, R., et al.: Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Program. Lang. Syst. 13(4), 451–490 (1991)CrossRefGoogle Scholar
  5. 5.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20(7), 504–513 (1977)CrossRefzbMATHGoogle Scholar
  7. 7.
    Donovan, A.A.A., Kernighan, B.W.: The Go Programming Language (2015)Google Scholar
  8. 8.
    Effective Go - The Go Programming Language. Accessed 29 Apr 2016
  9. 9.
    Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Upper Saddle River (1985)zbMATHGoogle Scholar
  10. 10.
    Hoare, C.A.R.: Communicating sequential processes. Commun. ACM 21(8), 666–677 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Kobayashi, N.: Type-based information flow analysis for the \(\pi \)-calculus. Acta Informatica 42(4), 291–347 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Laddad, R.: AspectJ in Action: Practical Aspect-Oriented Programming. Manning Publications Co., Greenwich (2003)Google Scholar
  13. 13.
    Livshits, B., Chong, S.: Towards fully automatic placement of security sanitizers and declassifiers. In: The 40th Annual ACMSIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 385–398. ACM (2013)Google Scholar
  14. 14.
    Livshits, V.B., Lam, M.S.: Finding security vulnerabilities in Java applications with static analysis. In: Proceedings of the 14th Conference on USENIX Security Symposium. SSYM 2005. USENIX Association (2005)Google Scholar
  15. 15.
    Livshits, V.B., Lam, M.S.: Tracking pointers with path and context sensitivity for bug detection in C programs. In: Proceedings of the 9th European Software Engineering Conference. ESEC/FSE-11, pp. 317–326. ACM (2003)Google Scholar
  16. 16.
    Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, Part I/II. Inf. Comput. 100, 1–77 (1992)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of the 26th ACM Symposium on Principles of Programming Languages, pp. 228–241 (1999)Google Scholar
  18. 18.
    Nielson, F., Nielson, H.-R., Hankin, C.L.: Principles of Program Analysis. Springer, Heidelberg (1999)CrossRefzbMATHGoogle Scholar
  19. 19.
    Padhye, R., Khedker, U.P.: Interprocedural data flow analysis in SOOT using value contexts. In: Proceedings of the 2nd ACM SIGPLAN International Workshop on State of the Art in Java Program Analysis. ACM (2013)Google Scholar
  20. 20.
    Pistoia, M., Flynn, R.J., Koved, L., Sreedhar, V.C.: Interprocedural analysis for privileged code placement and tainted variable detection. In: Gao, X.-X. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 362–386. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Pottier, F., Simonet, V.: Information flow inference for ML. ACM Trans. Program. Lang. Syst. 25(1), 117–158 (2003)CrossRefzbMATHGoogle Scholar
  22. 22.
    Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 317–331. IEEE (2010)Google Scholar
  23. 23.
    Steffen, M.: A small-step semantics of a concurrent calculus with goroutines and deferred functions. In: Abraham, E., Bonsangue, M., Johnsen, E.B. (eds.) Theory and Practice of Formal Methods: Essays Dedicated to Frank de Boer on the Occasion of His 60th Birthday. LNCS, vol. 9660, pp. 393–406. Springer, Heidelberg (2016)CrossRefGoogle Scholar
  24. 24.
    Stolz, V., Bodden, E.: Temporal assertions using AspectJ. Electron. Notes Theor. Comput. Sci. 144(4), 109–124 (2006)CrossRefGoogle Scholar
  25. 25.
    Summerfield, M.: Programming in Go (2012)Google Scholar
  26. 26.
    The cover story - The Go Blog. Accessed 29 Apr 2016
  27. 27.
    Volpano, D., Irvine, C., Smith, G.: A sound type system for secure flow analysis. J. Comput. Secur. 4(2–3), 167–187 (1996)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Eric Bodden
    • 1
    • 2
  • Ka I. Pun
    • 3
  • Martin Steffen
    • 3
  • Volker Stolz
    • 3
    • 4
    Email author
  • Anna-Katharina Wickert
    • 1
  1. 1.Technical University of DarmstadtDarmstadtGermany
  2. 2.University of PaderbornPaderbornGermany
  3. 3.University of OsloOsloNorway
  4. 4.Bergen University CollegeBergenNorway

Personalised recommendations