DocumentCode :
1885139
Title :
Eliminating formal flows in automated information flow analysis
Author :
Eckmann, Steven T.
Author_Institution :
Unisys Corp., Salt Lake City, UT, USA
fYear :
1994
fDate :
16-18 May 1994
Firstpage :
30
Lastpage :
38
Abstract :
Automated flow tools for formal specification languages have the potential to increase assurance and productivity of covert channel analysts by automating much of the work, but they are not reaching that potential now. Perhaps the most serious flaw in existing flow tools is that they typically report large numbers of so-called formal flows. The paper examines the causes of formal flows and describes a technique for eliminating many of them. The result is more practical automated flow analysis. The paper describes an extension for eliminating the formal flows identified by T. Fine (1992) as the major flaw in the ft-policy, and a technique for implementing the extended ft-policy in flow tools. The technique uses a construct called an opaque definition, which is essentially a hint from the specification writer to the flow tool, suggesting semantic information that might be useful in the flow analysis.
Keywords :
automatic programming; cryptography; formal specification; security of data; software quality; specification languages; automated flow tools; automated information flow analysis; covert channel analysis methods; formal flows; formal specification languages; practical automated flow analysis; Concrete; Formal specifications; Information analysis; Productivity; Risk analysis; Security;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Research in Security and Privacy, 1994. Proceedings., 1994 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-5675-1
Type :
conf
DOI :
10.1109/RISP.1994.296594
Filename :
296594