Abstract
It has become common practice to formally verify the correctness of information-flow analyses with respect to noninterference-like properties. An orthogonal problem is to ensure the correctness of implementations of such analyses. In this article, we propose the benchmark suite IFSpec, which provides sample programs for checking that an information-flow analyzer correctly classifies them as secure or insecure. Our focus is on the Java and Android platforms, and IFSpec supports Java source code, Java bytecode, and Dalvik bytecode. IFSpec is structured into categories that address multiple types of information leakage. We employ IFSpec to validate and compare four information-flow analyzers: Cassandra, Joana, JoDroid, and KeY. IFSpec is based on RIFL, the RS³ Information-Flow Specification Language, and is open to extensions.
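To make concrete what "classifies them as secure or insecure" means for a noninterference benchmark, the following is an added illustration written for this page; it is not an IFSpec sample and not code from the paper or any of the benchmarked tools. The class, interface and method names are assumptions. Each `Sample` maps a secret (high) input and a public (low) input to a low-observable output; the brute-force oracle `findCounterexample` enumerates a small input space and reports two high inputs that, under the same low input, produce different outputs, which is exactly a noninterference violation. A static analyzer has to reach the same verdict without running the program: it must reject both the explicit flow and the implicit (control-flow) flow, and ideally accept the last sample, which branches on the secret but leaks nothing. Secure samples of that kind are what expose over-approximation in an analyzer, which is why a benchmark needs both classes.

```java
// Added illustration of noninterference verdicts (not an IFSpec sample).
// All names here are assumptions made for this example.
public class NoninterferenceDemo {

    /** A program under analysis: (high, low) inputs -> low-observable output. */
    interface Sample {
        int run(int high, int low);
    }

    // Secure: the output depends only on the low input.
    static final Sample SECURE = (high, low) -> low * 2 + 1;

    // Insecure, explicit flow: the secret is assigned directly into the output.
    static final Sample EXPLICIT_LEAK = (high, low) -> high + low;

    // Insecure, implicit flow: no assignment mentions `high`, but the secret
    // decides which branch runs, so one bit of it reaches the output.
    static final Sample IMPLICIT_LEAK = (high, low) -> {
        int out = low;
        if (high % 2 == 0) {
            out = low + 1;
        }
        return out;
    };

    // Secure despite branching on the secret: both branches produce the same
    // low output. A purely syntactic "taint the PC" analyzer flags this as a
    // leak, i.e. a false positive that a precise analyzer should avoid.
    static final Sample BRANCH_BUT_SECURE = (high, low) -> {
        int out;
        if (high > 0) {
            out = low;
        } else {
            out = low;
        }
        return out;
    };

    /**
     * Brute-force noninterference oracle over inputs in [0, range): for every
     * low input, every pair of high inputs must yield the same output.
     * Returns null if no counterexample exists in that range, otherwise a
     * description of the distinguishing pair.
     */
    static String findCounterexample(Sample s, int range) {
        for (int low = 0; low < range; low++) {
            for (int h1 = 0; h1 < range; h1++) {
                for (int h2 = h1 + 1; h2 < range; h2++) {
                    int o1 = s.run(h1, low);
                    int o2 = s.run(h2, low);
                    if (o1 != o2) {
                        return "low=" + low + ": high=" + h1 + " -> " + o1
                             + ", high=" + h2 + " -> " + o2;
                    }
                }
            }
        }
        return null;
    }

    static void report(String name, Sample s) {
        String ce = findCounterexample(s, 8);
        System.out.println(name + ": " + (ce == null ? "no leak found" : "LEAK " + ce));
    }

    public static void main(String[] args) {
        report("secure", SECURE);                       // no leak found
        report("explicit leak", EXPLICIT_LEAK);         // LEAK
        report("implicit leak", IMPLICIT_LEAK);         // LEAK
        report("branch but secure", BRANCH_BUT_SECURE); // no leak found
    }
}
```

The oracle is only sound for the finite input range it enumerates; it exists here to show the property the benchmark verdicts are defined against, not as a substitute for a static analysis.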
Notes
1. The benchmark suite, including all samples, evaluation results, the benchmarked tools, information on how to run information-flow analyzers on IFSpec, and how to contribute to IFSpec, is available under www.spp-rs3.de/IFSpec.
References
HPE Security Fortify Static Code Analyzer (SCA). https://saas.hpe.com/en-us/software/sca. Accessed 8 Aug 2018
IBM Security AppScan. https://www.ibm.com/developerworks/downloads/r/appscan/index.html. Accessed 8 Aug 2018
SDK Platform Release Notes. https://developer.android.com/studio/releases/platforms.html. Accessed 8 Aug 2018
Ahrendt, W., et al.: The KeY platform for verification and analysis of Java programs. In: Giannakopoulou, D., Kroening, D. (eds.) VSTTE 2014. LNCS, vol. 8471, pp. 55–71. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12154-3_4
The Activity Lifecycle of Android. https://developer.android.com/guide/components/activities/activity-lifecycle.html. Accessed 8 Aug 2018
Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: PLDI 2014, pp. 259–269 (2014)
Balyo, T., Heule, M.J., Järvisalo, M.: SAT competition 2016: recent developments. In: AAAI 2017, pp. 5061–5063 (2017)
Bauereiß, T., et al.: RIFL 1.1: a common specification language for information-flow requirements. Technical report TUD-CS-2017-0225, TU Darmstadt (2017)
Beckert, B., Bruns, D., Klebanov, V., Scheben, C., Schmitt, P.H., Ulbrich, M.: Information flow in object-oriented software. In: Gupta, G., Peña, R. (eds.) LOPSTR 2013. LNCS, vol. 8901, pp. 19–37. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-14125-1_2
Bischof, S., Breitner, J., Graf, J., Hecker, M., Mohr, M., Snelting, G.: Low-deterministic security for low-deterministic programs. J. Comput. Secur. 26, 335–336 (2018)
Blackburn, S.M., et al.: The DaCapo benchmarks: Java benchmarking development and analysis. In: OOPSLA 2006, pp. 169–190 (2006)
Breitner, J., Graf, J., Hecker, M., Mohr, M., Snelting, G.: On improvements of low-deterministic security. In: Piessens, F., Viganò, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 68–88. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49635-0_4
Bull, J.M., Smith, L.A., Westhead, M.D., Henty, D.S., Davey, R.A.: A benchmark suite for high performance Java. In: JAVA 1999, pp. 81–88 (1999)
Cohen, E.S.: Information transmission in sequential programs. In: Foundations of Secure Computation, pp. 297–335 (1978)
Cok, D.R., Déharbe, D., Weber, T.: The 2014 SMT competition. J. Satisf. Boolean Model. Comput. 9, 207–242 (2016)
Standard Performance Evaluation Corporation: SPEC CPU Benchmarks. https://www.spec.org/benchmarks.html#cpu. Accessed 8 Aug 2018
Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)
Feiertag, R.J., Levitt, K.N., Robinson, L.: Proving multilevel security of a system design. In: SOSP 1977, pp. 57–65 (1977)
Fritz, C., Arzt, S., Rasthofer, S.: DroidBench 2.0. https://github.com/secure-software-engineering/DroidBench. Accessed 8 Aug 2018
Goguen, J.A., Meseguer, J.: Security policies and security models. In: S&P 1982, pp. 11–20 (1982)
Graf, J., Hecker, M., Mohr, M.: Using JOANA for information flow control in Java programs - a practical guide. In: ATPS 2013, pp. 123–138 (2013)
Hammer, C., Snelting, G.: Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. Int. J. Inf. Secur. 8(6), 399–422 (2009)
Hara, Y., Tomiyama, H., Honda, S., Takada, H., Ishii, K.: CHStone: a benchmark program suite for practical C-based high-level synthesis. In: ISCAS 2008, pp. 1192–1195 (2008)
Henning, J.L.: SPEC CPU2000: measuring CPU performance in the New Millennium. Computer 33(7), 28–35 (2000)
Hoos, H.H., Stützle, T.: SATLIB: an online resource for research on SAT. In: Sat 2000: highlights of satisfiability research in the year 2000, pp. 283–292 (2000)
Ku, K., Hart, T.E., Chechik, M., Lie, D.: A buffer overflow benchmark for software model checkers. In: ASE 2007, pp. 389–392 (2007)
Lortz, S., Mantel, H., Starostin, A., Bähr, T., Schneider, D., Weber, A.: Cassandra: towards a certifying app store for Android. In: SPSM 2014, pp. 93–104 (2014)
Lux, A., Mantel, H.: Declassification with explicit reference points. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 69–85. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_5
Lux, A., Mantel, H.: Who can declassify? In: FAST 2009, pp. 35–49 (2009)
Mantel, H.: Information flow and noninterference. In: van Tilborg, H.C.A., Jajodia, S. (eds.) Encyclopedia of Cryptography and Security, 2nd edn., pp. 605–607. Springer, New York (2011)
Millen, J.K.: Information flow analysis of formal specifications. In: S&P 1981, pp. 3–8 (1981)
Mohr, M., Graf, J., Hecker, M.: JoDroid: adding android support to a static information flow control tool. In: SE 2015, pp. 140–145 (2015)
Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification. In: CSFW 2004, pp. 172–186 (2004)
Myers, A.C., Zheng, L., Zdancewic, S., Chong, S., Nystrom, N.: Jif 3.0: Java Information Flow. http://www.cs.cornell.edu/jif. Accessed 8 Aug 2018
Pelánek, R.: BEEM: benchmarks for explicit model checkers. In: Bošnački, D., Edelkamp, S. (eds.) SPIN 2007. LNCS, vol. 4595, pp. 263–267. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73370-6_17
Rushby, J.M.: Design and verification of secure systems. In: Proceedings of the Eighth ACM Symposium on Operating System Principles, pp. 12–21 (1981)
Sabelfeld, A., Myers, A.C.: A model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174–191. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-37621-7_9
Sim, S.E., Easterbrook, S., Holt, R.C.: Using benchmarking to advance research: a challenge to software engineering. In: ICSE 2003, pp. 74–83 (2003)
Smith, L.A., Bull, J.M., Obdrizalek, J.: A parallel Java grande benchmark suite. In: SC 2001, p. 8 (2001)
Stanford SecuriBench. http://suif.stanford.edu/~livshits/work/securibench/intro.html. Accessed 8 Aug 2018
SecuriBench Micro. https://github.com/too4words/securibench-micro. Accessed 8 Aug 2018
Sutcliffe, G.: The TPTP problem library and associated infrastructure. J. Autom. Reason. 43(4), 337–361 (2009)
Sutcliffe, G., Schulz, S., Claessen, K., Van Gelder, A.: Using the TPTP language for writing derivations and finite interpretations. In: Furbach, U., Shankar, N. (eds.) IJCAR 2006. LNCS, vol. 4130, pp. 67–81. Springer, Heidelberg (2006). https://doi.org/10.1007/11814771_7
Wasserrab, D., Lohner, D.: Proving information flow noninterference by reusing a machine-checked correctness proof for slicing. In: VERIFY 2010 (2010)
Zanioli, M., Ferrara, P., Cortesi, A.: SAILS: static analysis of information leakage with sample. In: SAC 2012, pp. 1308–1313 (2012)
Acknowledgments
We thank the anonymous reviewers for their helpful comments and the participants of the RS³ Staff Meeting 2016 for contributing to the samples of IFSpec. This work was supported by the DFG under the projects DeduSec (BE 2334/6-3), IFC4MC (Sn 11/12-3), and RSCP (MA 3326/4-3) in the priority program "Reliably Secure Software Systems" (RS³, SPP 1496).
Copyright information
© 2018 Springer Nature Switzerland AG
Cite this paper
Hamann, T., Herda, M., Mantel, H., Mohr, M., Schneider, D., Tasch, M.: A Uniform Information-Flow Security Benchmark Suite for Source Code and Bytecode. In: Gruschka, N. (ed.) Secure IT Systems. NordSec 2018. Lecture Notes in Computer Science, vol. 11252. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03638-6_27
DOI: https://doi.org/10.1007/978-3-030-03638-6_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03637-9
Online ISBN: 978-3-030-03638-6