Policy Dependent and Independent Information Flow Analyses

  • Conference paper
  • Formal Methods and Software Engineering (ICFEM 2017)
  • Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10610)
Abstract

Information Flow Analysis (IFA) aims at detecting illegal flows of information between program entities. “Legality” is therein specified in terms of various security policies. For the analysis, this opens up two possibilities: building generic, policy independent and building specific, policy dependent IFAs. While the former needs to track all dependencies between program entities, the latter allows for a reduced and thus more efficient analysis.

In this paper, we start out by formally defining a policy independent information flow analysis. Next, we show how to specialize this IFA via policy specific variable tracking, and prove soundness of the specialization. We furthermore investigate refinement relationships between policies, allowing an IFA for one policy to be employed for its refinements. As policy refinement depends on concrete program entities, we additionally propose a precomputation of policy refinement conditions, enabling an efficient refinement check for concrete programs.
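To make the contrast between the two kinds of analysis concrete, here is an added toy illustration in Python (not the paper's code, definitions or proofs): a dependency-tracking IFA over a three-statement constructed program, run once policy independently (every input is tracked) and once specialised to a policy (only the policy's source variables are tracked), with both runs reporting the same forbidden flow. The `reusable` check at the end is a simplified sufficient condition of my own (a refined policy whose sources are already tracked can reuse the specialised run), not the paper's refinement relation.

```python
# Added illustration, not code from the paper: a toy dependency-tracking
# information flow analysis, run policy independently (track all inputs)
# and specialised to a policy (track only the policy's source variables).
from typing import Dict, FrozenSet, List, Tuple

Deps = Dict[str, FrozenSet[str]]       # variable -> tracked inputs it may depend on
Policy = List[Tuple[str, str]]         # forbidden flows (source, sink)

def analyse(block: list, deps: Deps, ctx: FrozenSet[str] = frozenset()) -> Deps:
    """Over-approximate, per variable, the tracked inputs it may depend on.
    Statements: ("assign", target, used) or ("if", cond, then_blk, else_blk).
    ctx holds the dependencies of enclosing conditions (implicit flows)."""
    deps = dict(deps)
    for stmt in block:
        if stmt[0] == "assign":
            _, target, used = stmt
            deps[target] = ctx.union(*(deps.get(v, frozenset()) for v in used))
        else:
            _, cond, then_blk, else_blk = stmt
            cond_deps = ctx.union(*(deps.get(v, frozenset()) for v in cond))
            d1 = analyse(then_blk, deps, cond_deps)
            d2 = analyse(else_blk, deps, cond_deps)
            # Join: after the if, a variable may hold either branch's value.
            deps = {x: d1.get(x, frozenset()) | d2.get(x, frozenset())
                    for x in set(d1) | set(d2)}
    return deps

def run(block: list, inputs: List[str], tracked: FrozenSet[str]) -> Deps:
    """Policy independent when tracked == all inputs; specialised otherwise."""
    return analyse(block, {v: frozenset({v}) & tracked for v in inputs})

def sources(policy: Policy) -> FrozenSet[str]:
    return frozenset(src for src, _ in policy)

def violations(deps: Deps, policy: Policy) -> List[Tuple[str, str]]:
    return sorted((s, t) for s, t in policy if s in deps.get(t, frozenset()))

def reusable(tracked: FrozenSet[str], other: Policy) -> bool:
    """Assumed, simplified reuse condition (not the paper's refinement notion):
    a run specialised to `tracked` can also decide `other` if its sources are tracked."""
    return sources(other) <= tracked

# Constructed sample: out may depend on secret via tmp and via the branch.
INPUTS = ["secret", "key", "pub"]
PROGRAM = [
    ("assign", "tmp", ["secret", "key"]),
    ("if", ["pub"], [("assign", "out", ["tmp"])], [("assign", "out", ["pub"])]),
    ("assign", "log", ["pub"]),
]
POLICY = [("secret", "out"), ("secret", "log")]   # secret must not reach out or log
```

Running `violations(run(PROGRAM, INPUTS, frozenset(INPUTS)), POLICY)` and the same call with `sources(POLICY)` as the tracked set both return `[("secret", "out")]`, while the specialised run carries only `{"secret"}` for `out` instead of all three inputs.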

This work was partially supported by the German Research Foundation (DFG) within the Collaborative Research Centre “On-The-Fly Computing” (SFB 901).


Notes

  1. Actually, Ubuntu was executed in Oracle VM VirtualBox version 4.3.28 running on a 64-bit Windows with 8192.


Author information

Corresponding author: Manuel Töws.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Töws, M., Wehrheim, H. (2017). Policy Dependent and Independent Information Flow Analyses. In: Duan, Z., Ong, L. (eds) Formal Methods and Software Engineering. ICFEM 2017. Lecture Notes in Computer Science, vol 10610. Springer, Cham. https://doi.org/10.1007/978-3-319-68690-5_22

  • DOI: https://doi.org/10.1007/978-3-319-68690-5_22
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-68689-9
  • Online ISBN: 978-3-319-68690-5
