Abstract
Information flow analysis models the propagation of data through a software system and identifies unintended information leaks. There is a wide range of such analyses, tracking flows statically, dynamically, or in a hybrid way combining both static and dynamic approaches.
We present a hybrid information flow analysis for a large subset of the C programming language. Extending previous work that handled a few difficult features of C, our analysis can now deal with arrays, pointers with pointer arithmetic, structures, dynamic memory allocation, complex control flow, and statically resolvable indirect function calls. The analysis is implemented as a plugin to the Frama-C framework.
We demonstrate the applicability and precision of our analyzer by applying it to an open-source cryptographic library. By combining abstract interpretation and monitoring techniques, we verify an information flow policy that proves the absence of control-flow based timing attacks against the implementations of many common cryptographic algorithms. Conversely, we demonstrate that our analysis is able to detect a known instance of this kind of vulnerability in another cryptographic primitive.
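To make the verified policy concrete, here is an added example (not the paper's analyzer or its Frama-C plugin) that hand-instruments two C comparison routines with taint labels the way a runtime monitor would: every branch condition is checked together with the label of the data it was computed from, and a secret-labelled condition violates the policy "no control flow depends on secret data". The lab type, the branch and check_policy helpers and the sample MAC/guess values are assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* A byte with a taint label: secret != 0 means it depends on secret input. */
typedef struct { uint8_t v; int secret; } lab;

/* Monitor state: set once any branch condition carries the secret label. */
static int branch_on_secret;

/* Every branch condition is routed through here together with the label of the
   data it was computed from (join of the operands' labels); value is unchanged. */
static int branch(int cond, int cond_secret) {
    if (cond_secret) branch_on_secret = 1;
    return cond;
}
static void label_bytes(lab *out, const uint8_t *in, size_t n, int secret) {
    for (size_t i = 0; i < n; i++) { out[i].v = in[i]; out[i].secret = secret; }
}

/* memcmp-style early exit: the if condition depends on both inputs, so it is
   secret-labelled whenever either input is; the monitor flags iteration 0. */
int early_exit_equal(const lab *a, const lab *b, size_t n) {
    for (size_t i = 0; branch(i < n, 0); i++)
        if (branch(a[i].v != b[i].v, a[i].secret || b[i].secret)) return 0;
    return 1;
}
/* Constant-time form: differences are OR-accumulated; the only branch is on the
   public loop counter. The result is secret-labelled but never branched on here. */
int constant_time_equal(const lab *a, const lab *b, size_t n) {
    lab diff = {0, 0};
    for (size_t i = 0; branch(i < n, 0); i++) {
        diff.v |= (uint8_t)(a[i].v ^ b[i].v);
        diff.secret |= a[i].secret || b[i].secret;
    }
    return diff.v == 0;
}

/* Runs fn on a secret MAC against a public guess (constructed sample values) and
   returns 1 if no branch depended on secret data, 0 if the policy was violated. */
int check_policy(int (*fn)(const lab *, const lab *, size_t)) {
    const uint8_t secret_mac[4] = {0xde, 0xad, 0xbe, 0xef};
    const uint8_t guess[4]      = {0xde, 0xad, 0x00, 0x00};
    lab a[4], b[4];
    label_bytes(a, secret_mac, 4, 1);
    label_bytes(b, guess, 4, 0);
    branch_on_secret = 0;
    (void)fn(a, b, 4);
    return !branch_on_secret;
}
```

The early-exit routine is reported as a violation even when the first bytes match, because the monitor judges the label of the condition, not which way the branch went.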
This work was supported by the French National Research Agency (ANR), project AnaStaSec, ANR-14-CE28-0014.
© 2017 Springer International Publishing AG
Cite this paper
Barany, G., Signoles, J. (2017). Hybrid Information Flow Analysis for Real-World C Code. In: Gabmeyer, S., Johnsen, E. (eds.) Tests and Proofs. TAP 2017. Lecture Notes in Computer Science, vol. 10375. Springer, Cham. https://doi.org/10.1007/978-3-319-61467-0_2
DOI: https://doi.org/10.1007/978-3-319-61467-0_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61466-3
Online ISBN: 978-3-319-61467-0
eBook Packages: Computer Science (R0)