Skip to main content
SpringerLink
Log in

Types vs. PDGs in Information Flow Analysis

  • Conference paper
Logic-Based Program Synthesis and Transformation (LOPSTR 2012)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7844))

Abstract

Type-based and PDG-based information flow analysis techniques are currently developed independently in a competing manner, with different strengths regarding coverage of language features and security policies. In this article, we study the relationship between these two approaches. One key insight is that a type-based information flow analysis need not be less precise than a PDG-based analysis. For proving this result we establish a formal connection between the two approaches which can also be used to transfer concepts from one tradition of information flow analysis to the other. The adoption of rely-guarantee-style reasoning from security type systems, for instance, enabled us to develop a PDG-based information flow analysis for multi-threaded programs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Amtoft, T., Banerjee, A.: Information Flow Analysis in Logical Form. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 100–115. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  2. Boudol, G., Castellani, I.: Noninterference for Concurrent Programs and Thread Systems. Theoretical Computer Science 281(1-2), 109–130 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  3. Cheng, J.: Slicing Concurrent Programs - A Graph-Theoretical Approach. In: Fritszon, P.A. (ed.) AADEBUG 1993. LNCS, vol. 749, pp. 223–240. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  4. Ferrante, J., Ottenstein, K.J., Warren, J.D.: The Program Dependence Graph and its Use in Optimization. ACM Transactions on Programming Languages and Systems 9(3), 319–349 (1987)

    Article  MATH  Google Scholar 

  5. Giffhorn, D., Snelting, G.: Probabilistic Noninterference Based on Program Dependence Graphs. Tech. Rep. 6, Karlsruher Institut für Technologie (KIT) (2012)

    Google Scholar 

  6. Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)

    Google Scholar 

  7. Hammer, C.: Information Flow Control for Java. Ph.D. thesis, Universität Karlsruhe (TH) (2009)

    Google Scholar 

  8. Hammer, C., Snelting, G.: Flow-sensitive, Context-sensitive, and Object-sensitive Information Flow Control based on Program Dependence Graphs. International Journal of Information Security 8(6), 399–422 (2009)

    Article  Google Scholar 

  9. Horwitz, S., Reps, T.W., Binkley, D.: Interprocedural Slicing Using Dependence Graphs. ACM Transactions on Programming Languages and Systems 12(1), 26–60 (1990)

    Article  Google Scholar 

  10. Hsieh, C.S., Unger, E.A., Mata-Toledo, R.A.: Using Program Dependence Graphs for Information Flow Control. Journal of Systems and Software 17(3), 227–232 (1992)

    Article  Google Scholar 

  11. Hunt, S., Sands, D.: On Flow-Sensitive Security Types. In: ACM Symposium on Principles of Programming Languages, pp. 79–90 (2006)

    Google Scholar 

  12. Krinke, J.: Advanced Slicing of Sequential and Concurrent Programs. Ph.D. thesis, Universität Passau (2003)

    Google Scholar 

  13. Mantel, H.: Information Flow and Noninterference. In: Encyclopedia of Cryptography and Security, 2nd edn., pp. 605–607. Springer (2011)

    Google Scholar 

  14. Mantel, H., Sands, D.: Controlled Declassification based on Intransitive Noninterference. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 129–145. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  15. Mantel, H., Sands, D., Sudbrock, H.: Assumptions and Guarantees for Compositional Noninterference. In: IEEE Computer Security Foundations Symposium, pp. 218–232 (2011)

    Google Scholar 

  16. Myers, A.C.: JFlow: Practical Mostly-Static Information Flow Control. In: ACM Symposium on Principles of Programming Languages, pp. 228–241 (1999)

    Google Scholar 

  17. Naik, M., Palsberg, J.: A Type System Equivalent to a Model Checker. ACM Transactions on Programming Languages and Systems 30(5), 1–24 (2008)

    Article  Google Scholar 

  18. Palsberg, J., O’Keefe, P.: A Type System Equivalent to Flow Analysis. In: ACM Symposium on Principles of Programming Languages, pp. 367–378 (1995)

    Google Scholar 

  19. Rehof, J., Fähndrich, M.: Type-Based Flow Analysis: From Polymorphic Subtyping to CFL-Reachability. In: ACM Symposium on Principles of Programming Languages, pp. 54–66 (2001)

    Google Scholar 

  20. Roscoe, A.W., Woodcock, J.C.P., Wulf, L.: Non-interference through Determinism. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 33–53. Springer, Heidelberg (1994)

    Google Scholar 

  21. Sabelfeld, A., Myers, A.C.: Language-based Information-Flow Security. IEEE Journal on Selected Areas in Communication 21(1), 5–19 (2003)

    Article  Google Scholar 

  22. Sabelfeld, A., Sands, D.: Probabilistic Noninterference for Multi-threaded Programs. In: IEEE Computer Security Foundations Workshop, pp. 200–215 (2000)

    Google Scholar 

  23. Smith, G., Volpano, D.: Secure Information Flow in a Multi-threaded Imperative Language. In: ACM Symposium on Principles of Programming Languages, pp. 355–364 (1998)

    Google Scholar 

  24. Volpano, D., Smith, G., Irvine, C.: A Sound Type System for Secure Flow Analysis. Journal of Computer Security 4(3), 1–21 (1996)

    Google Scholar 

  25. Volpano, D., Smith, G.: A Type-Based Approach to Program Security. In: Bidoit, M., Dauchet, M. (eds.) TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  26. Wasserrab, D., Lochbihler, A.: Formalizing a Framework for Dynamic Slicing of Program Dependence Graphs in Isabelle/HOL. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 294–309. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  27. Wasserrab, D., Lohner, D., Snelting, G.: On PDG-based Noninterference and its Modular Proof. In: ACM Workshop on Programming Languages and Analysis for Security, pp. 31–44 (2009)

    Google Scholar 

  28. Zdancewic, S., Myers, A.C.: Observational Determinism for Concurrent Program Security. In: IEEE Computer Security Foundations Workshop, pp. 29–43 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, TU Darmstadt, Germany

    Heiko Mantel & Henning Sudbrock

Authors
  1. Heiko Mantel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Henning Sudbrock
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science (DSIC), Complutense University of Madrid, Séneca Avenue 2, 28040, Madrid, Spain

    Elvira Albert

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mantel, H., Sudbrock, H. (2013). Types vs. PDGs in Information Flow Analysis. In: Albert, E. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2012. Lecture Notes in Computer Science, vol 7844. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38197-3_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38197-3_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38196-6

  • Online ISBN: 978-3-642-38197-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation