Title :
Intransitive Noninterference in Dependence Graphs
Author :
Hammer, Christian ; Krinke, Jens ; Nodes, Frank
Author_Institution :
Univ. of Passau, Passau
Abstract :
In classic information flow control (IFC), noninterference guarantees that no information flows from secret input channels to public output channels. However, this notion turned out to be overly restrictive as many intuitively secure programs do allow some release. In this paper we define a static analysis that allows intransitive noninterference in combination with context- sensitive analysis for Java bytecode programs. In contrast to type systems that annotate variables, our approach annotates information sources and sinks. To the best of our knowledge this is the first IFC technique which is flow-, context-, and object- sensitive. It allows IFC for realistic languages like Java or C and offers a mechanism for declassification to accommodate some information leakage for cases where traditional noninterference is too restrictive.
Keywords :
Java; graph theory; program diagnostics; security of data; Java bytecode programs; context-sensitive analysis; dependence graphs; information flow control; intransitive noninterference; static analysis; Control systems; Data security; Data structures; History; Information analysis; Information security; Java; Joining processes; Lattices;
Conference_Titel :
Leveraging Applications of Formal Methods, Verification and Validation, 2006. ISoLA 2006. Second International Symposium on
Conference_Location :
Paphos
Print_ISBN :
978-0-7695-3071-0
DOI :
10.1109/ISoLA.2006.39
