A Method of Secure Information Flow Based on Data Flow Analysis
The secure information flow based on data flow analysis have studied for many years. The existing methods tend to be overly conservative, giving “insecure” answers to many “secure” programs, or to be overly attention to location information leak, existing location information leak does not imply there is information leak in a program. The method described in this paper is designed to be more precise than previous syntactic methods. The soundness of the analysis is proved.
KeywordsFormal semantics Static analysis Data flow analysis Secure information flow
Unable to display preview. Download preview PDF.
- 1.Sabelfeld, Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communication 21(1) (January 2003)Google Scholar
- 2.Volpano, D., Smith, G.: A Type-Based Approach to Program Security. In: Proceeding of TAPSOFT 1997, Colloquium on Formal Approaches in Software Engineering, Lille France, April 14-18 (1997)Google Scholar
- 3.Volpano, D., Smith, G., Irvine, C.: A Sound Type System for Secure Flow Analysis. Journal of Computer Security (July 1996)Google Scholar
- 5.Doh, K.-G., Shin, S.C.: Data Flow Analysis of Secure Information-Flow. ACM SIGPLAN Notices 37(8) (August 2002)Google Scholar
- 6.Joshi, R., Leino, K.R.M.: A semantic approach to secure information flow. Science of Computer Programming 37, 113–138 (2000)Google Scholar
- 8.Darvas, A., Hähnle, R., Sands, D.: A Theorem Proving Approach Analysis of Secure Information Flow. Technical Report no (January 2004)Google Scholar
- 10.Nielson, H.R., Nielson, F.: Semantics with Applications a Formal Introduction (July 1999)Google Scholar
- 11.Nielson, F., Nielson, H.R., Hankin, C.: Principles if Program Analysis. Springer, Heidelberg (1999)Google Scholar