Title :
Noninterference in the presence of non-opaque pointers
Author :
Hedin, Daniel ; Sands, David
Author_Institution :
Chalmers Univ. of Technol.
Abstract :
A common theoretical assumption in the study of information flow security in Java-like languages is that pointers are opaque - i.e., that the only properties that can be observed of pointers are the objects to which they point, and (at most) their equality. These assumptions often fail in practice. For example, various important operations in Java´s standard API, such as hashcodes or serialization, might break pointer opacity. As a result, information-flow static analyses which assume pointer opacity risk being unsound in practice, since the pointer representation provides an unchecked implicit leak. We investigate information flow in the presence of non-opaque pointers for an imperative language with records, pointer instructions and exceptions, and develop an information flow aware type system which guarantees noninterference
Keywords :
Java; program diagnostics; security of data; Java standard API; Java-like languages; hashcodes; information flow security; information-flow static analyses; noninterference; nonopaque pointers; pointer opacity risk; pointer representation; serialization; Computer security; Conferences; Data security; Information analysis; Information security; Java; Printing; Risk analysis; Runtime environment; Timing;
Conference_Titel :
Computer Security Foundations Workshop, 2006. 19th IEEE
Conference_Location :
Venice
Print_ISBN :
0-7695-2615-2
DOI :
10.1109/CSFW.2006.19
