Information Leakage Analysis by Abstract Interpretation

  • Conference paper
SOFSEM 2011: Theory and Practice of Computer Science (SOFSEM 2011)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 6543)

Abstract

Protecting the confidentiality of information stored in a computer system or transmitted over a public network is a relevant problem in computer security. Information flow analysis approaches this problem by statically analyzing a program with the aim of proving that it does not leak sensitive information. In this paper we propose a new domain that combines variable dependency analysis, based on propositional formulas, and variables' value analysis, based on polyhedra. The resulting analysis is strictly more accurate than the state-of-the-art abstract-interpretation-based analyses for information leakage detection. Its modular construction makes it possible to manage the tradeoff between efficiency and accuracy by tuning the granularity of the abstraction and the complexity of the abstract operators.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zanioli, M., Cortesi, A. (2011). Information Leakage Analysis by Abstract Interpretation. In: Černá, I., et al. SOFSEM 2011: Theory and Practice of Computer Science. SOFSEM 2011. Lecture Notes in Computer Science, vol 6543. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-18381-2_45

  • DOI: https://doi.org/10.1007/978-3-642-18381-2_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-18380-5

  • Online ISBN: 978-3-642-18381-2

  • eBook Packages: Computer Science, Computer Science (R0)
