Title :
Extracting Conditional Confidentiality Policies
Author :
Tschantz, Michael Carl ; Wing, Jeannette M.
Author_Institution :
Comput. Sci. Dept., Carnegie Mellon Univ., Pittsburgh, PA
Abstract :
Programs should keep sensitive information, such as medical records, confidential. We present a static analysis that extracts from a program's source code a sound approximation of the most restrictive conditional confidentiality policy that the program obeys. To formalize conditional confidentiality policies, we present a modified definition of noninterference that accommodates runtime information. We implement our analysis and experiment with the resulting tool on C programs. While we focus on using our analysis for policy extraction, the process can more generally be used for information flow analysis. Unlike traditional information flow analysis that simply states what flows are possible in a program, our tool also states what conditions must be satisfied by an execution for each flow to be enabled. Furthermore, our analysis is the first to handle interactive I/O while being compositional and flow sensitive.
Keywords :
C language; program diagnostics; security of data; C program; conditional confidentiality policy extraction; information flow analysis; interactive I/O handling; static analysis; Authentication; Authorization; Computer science; Data mining; Databases; Information analysis; Performance analysis; Protection; Runtime; Software engineering; confidentiality; noninterference
Conference_Titel :
Software Engineering and Formal Methods, 2008. SEFM '08. Sixth IEEE International Conference on
Conference_Location :
Cape Town
Print_ISBN :
978-0-7695-3437-4
DOI :
10.1109/SEFM.2008.46