International Static Analysis Symposium

SAS 2015: Static Analysis, pp. 1–17

Static Analysis of Non-interference in Expressive Low-Level Languages

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9291)

Abstract

Early work in implicit information flow detection applied only to flat, procedureless languages with structured control-flow (e.g., if statements, while loops). These techniques have yet to be adequately extended and generalized to expressive languages with interprocedural, exceptional and irregular control-flow behavior. We present an implicit information flow analysis suitable for languages with conditional jumps, dynamically dispatched methods, and exceptions. We implement this analysis for the Dalvik bytecode format, the substrate for Android. In order to capture information flows across interprocedural and exceptional boundaries, this analysis uses a projection of a small-step abstract interpreter’s rich state graph instead of the control-flow graph typically used for such purposes in weaker linguistic settings. We present a proof of termination-insensitive non-interference. To our knowledge, it is the first analysis capable of proving non-trivial non-interference in a language with this combination of features.
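To make concrete the distinction the abstract draws between explicit flows and the implicit flows carried by conditional jumps and exceptions, here is an added example that is not part of the paper and not Dalvik: a constructed toy register machine together with a brute-force check of termination-insensitive non-interference (TINI) over a small input domain. The instruction set, register names (h secret, l public, t scratch), handler-table shape and sample programs are all invented for illustration. Enumerating inputs only tests the property; a static analysis such as the paper's proves it for all inputs.

```python
"""Toy register machine with conditional jumps and exceptions, plus a brute-force
checker for termination-insensitive non-interference (TINI).

Added illustration only: the instruction set, register names and handler table
are constructed for this example and are not Dalvik bytecode or the paper's
static analysis, which proves TINI without enumerating inputs."""
from itertools import product

STEP_BUDGET = 1000  # runs exceeding this are treated as divergent


def run(program, handlers, regs):
    """Execute `program` (list of instruction tuples) from pc 0.

    handlers: list of (start, end, target); an exception raised at a pc in
    [start, end) transfers control to `target`, otherwise it escapes.
    Returns ("normal", regs) or ("exception", regs) on termination, or None
    when the step budget is exhausted.
    """
    regs = dict(regs)
    pc = 0
    for _ in range(STEP_BUDGET):
        if pc >= len(program):
            return ("normal", regs)
        op, *args = program[pc]
        try:
            if op == "const":        # const rd, imm
                regs[args[0]] = args[1]
            elif op == "move":       # move rd, rs   (explicit flow rs -> rd)
                regs[args[0]] = regs[args[1]]
            elif op == "ifz":        # ifz rs, target: jump when rs == 0
                if regs[args[0]] == 0:
                    pc = args[1]
                    continue
            elif op == "goto":       # goto target
                pc = args[0]
                continue
            elif op == "div":        # div rd, ra, rb: raises when rb == 0
                if regs[args[2]] == 0:
                    raise ZeroDivisionError
                regs[args[0]] = regs[args[1]] // regs[args[2]]
            else:
                raise ValueError(f"unknown op {op}")
        except ZeroDivisionError:
            for start, end, target in handlers:
                if start <= pc < end:
                    pc = target
                    break
            else:
                return ("exception", regs)  # uncaught: an observable outcome
            continue
        pc += 1
    return None


def low_views(program, handlers, high_regs, low_regs, domain=(0, 1, 2)):
    """Set of low-observable outcomes over all high inputs drawn from `domain`.

    Low registers start at 0.  An outcome is (termination kind, low register
    values).  Divergent runs are dropped, which is exactly what makes the
    property termination-insensitive.  TINI holds iff at most one view exists.
    """
    views = set()
    for highs in product(domain, repeat=len(high_regs)):
        regs = {r: 0 for r in low_regs}
        regs.update(zip(high_regs, highs))
        result = run(program, handlers, regs)
        if result is not None:
            kind, final = result
            views.add((kind, tuple(final.get(r) for r in low_regs)))
    return views


def is_tini(program, handlers, high_regs=("h",), low_regs=("l",)):
    return len(low_views(program, handlers, high_regs, low_regs)) <= 1


# Constructed sample programs: h is the secret (high) register, l is public (low).
EXPLICIT = [("move", "l", "h")]
IMPLICIT_JUMP = [("ifz", "h", 3), ("const", "l", 1), ("goto", 4), ("const", "l", 0)]
# l's final value depends only on whether div raised, i.e. on whether h == 0.
IMPLICIT_EXCEPTION = [("const", "t", 1), ("div", "t", "t", "h"),
                      ("const", "l", 1), ("goto", 5), ("const", "l", 0)]
HANDLERS = [(0, 4, 4)]  # an exception raised at pcs 0..3 jumps to pc 4
# Spins forever when h == 0, otherwise publishes 5: TINI holds, yet h leaks
# through termination, the gap a termination-sensitive property would close.
DIVERGING = [("ifz", "h", 0), ("const", "l", 5)]

if __name__ == "__main__":
    cases = [("explicit", EXPLICIT, []),
             ("implicit via jump", IMPLICIT_JUMP, []),
             ("implicit via caught exception", IMPLICIT_EXCEPTION, HANDLERS),
             ("implicit via uncaught exception", IMPLICIT_EXCEPTION, []),
             ("diverging", DIVERGING, [])]
    for name, prog, hs in cases:
        print(f"{name:32} TINI={is_tini(prog, hs)} "
              f"views={sorted(low_views(prog, hs, ('h',), ('l',)))}")
```

The uncaught-exception case is the one a control-flow-graph-based analysis for structured languages has no edge for: nothing is assigned to l, yet the two outcomes ("normal" versus "exception") differ, so the exception itself is the observable low event. Treating exceptional exits as observable, as the check above does, is what forces an analysis to follow exceptional and interprocedural edges rather than only the structured control flow.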

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

University of Utah, Salt Lake City, USA