Skip to main content
SpringerLink
Log in

Experiences with PDG-Based IFC

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5965))

Included in the following conference series:

Abstract

Information flow control systems provide the guarantees that are required in today’s security-relevant systems. While the literature has produced a wealth of techniques to ensure a given security policy, there is only a small number of implementations, and even these are mostly restricted to theoretical languages or a subset of an existing language.

Previously, we presented the theoretical foundations and algorithms for dependence-graph-based information flow control (IFC). As a complement, this paper presents the implementation and evaluation of our new approach, the first implementation of a dependence-graph based analysis that accepts full Java bytecode. It shows that the security policy can be annotated in a succinct manner; and the evaluation shows that the increased runtime of our analysis—a result of being flow-, context-, and object-sensitive—is mitigated by better analysis results and elevated practicability. Finally, we show that the scalability of our analysis is not limited by the sheer size of either the security lattice or the dependence graph that represents the program.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aït-Kaci, H., Boyer, R., Lincoln, P., Nasr, R.: Efficient implementation of lattice operations. ACM TOPLAS 11(1), 115–146 (1989)

    Article  Google Scholar 

  2. Amtoft, T., Bandhakavi, S., Banerjee, A.: A logic for information flow in object-oriented programs. In: POPL 2006, pp. 91–102. ACM, New York (2006)

    Chapter  Google Scholar 

  3. Askarov, A., Sabelfeld, A.: Security-typed languages for implementation of cryptographic protocols: A case study. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 197–221. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Barthe, G., Pichardie, D., Rezk, T.: A certified lightweight non-interference Java bytecode verifier. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 125–140. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  5. Bieber, P., Cazin, J., Marouani, A.E., Girard, P., Lanet, J.L., Wiels, V., Zanon, G.: The PACAP prototype: a tool for detecting Java Card illegal flow. In: Attali, I., Jensen, T. (eds.) JavaCard 2000. LNCS, vol. 2041, pp. 25–37. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  6. Binkley, D., Harman, M., Krinke, J.: Empirical study of optimization techniques for massive slicing. ACM TOPLAS 30(1), 3 (2007)

    Article  Google Scholar 

  7. Chandra, D., Franz, M.: Fine-grained information flow analysis and enforcement in a Java virtual machine. In: 23rd Annual Computer Security Applications Conference, pp. 463–475. IEEE, Los Alamitos (2007)

    Google Scholar 

  8. Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM TOPLAS 9(3), 319–349 (1987)

    Article  MATH  Google Scholar 

  9. Ganguly, D.D., Mohan, C.K., Ranka, S.: A space-and-time-efficient coding algorithm for lattice computations. IEEE Trans. on Knowl. and Data Eng. 6(5), 819–829 (1994)

    Article  Google Scholar 

  10. Genaim, S., Spoto, F.: Information flow analysis for Java bytecode. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 346–362. Springer, Heidelberg (2005)

    Google Scholar 

  11. Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Symposium on Security and Privacy, pp. 75–86. IEEE, Los Alamitos (1984)

    Google Scholar 

  12. Hammer, C.: Information flow control for Java - a comprehensive approach based on path conditions in dependence graphs. Ph.D. thesis, Universität Karlsruhe (TH), Fak. f. Informatik (2009), URN urn=urn:nbn:de:0072-120494

    Google Scholar 

  13. Hammer, C., Schaade, R., Snelting, G.: Static path conditions for Java. In: PLAS 2008, pp. 57–66. ACM, New York (2008)

    Chapter  Google Scholar 

  14. Hammer, C., Snelting, G.: Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. Int. Journal of Information Security 8(6), 399–422 (2009)

    Article  Google Scholar 

  15. Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. ACM TOPLAS 12(1), 26–60 (1990)

    Article  Google Scholar 

  16. Hubert, L.: A non-null annotation inferencer for Java bytecode. In: PASTE 2008, pp. 36–42. ACM, New York (2008)

    Chapter  Google Scholar 

  17. Hunt, S., Sands, D.: On flow-sensitive security types. In: POPL 2006, pp. 79–90. ACM, New York (2006)

    Chapter  Google Scholar 

  18. Myers, A.C., Chong, S., Nystrom, N., Zheng, L., Zdancewic, S.: Jif: Java information flow, http://www.cs.cornell.edu/jif/

  19. Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM TOSEM 9(4), 410–442 (2000)

    Article  Google Scholar 

  20. Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)

    Article  Google Scholar 

  21. Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security 17(5), 517–548 (2009)

    Google Scholar 

  22. Smith, S.F., Thober, M.: Improving usability of information flow security in Java. In: PLAS 2007, pp. 11–20. ACM, New York (2007)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Purdue University,  

    Christian Hammer

Authors
  1. Christian Hammer
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento Ingegneria e Scienza dell’Informazione, Università di Trento, Via Sommarive 14, 38050, Povo (Trento), Italy

    Fabio Massacci

  2. Department of Computer Science, Rice University, 3122 Duncan Hall, 6100 Main Street, TX 77005, Houston, USA

    Dan Wallach

  3. Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Den Dolech 2, 5612, Eindhoven, AZ, The Netherlands

    Nicola Zannone

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hammer, C. (2010). Experiences with PDG-Based IFC. In: Massacci, F., Wallach, D., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2010. Lecture Notes in Computer Science, vol 5965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11747-3_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11747-3_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11746-6

  • Online ISBN: 978-3-642-11747-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation