
Using Dependence Graphs to Assist Verification and Testing of Information-Flow Properties

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10889)

Abstract

Information-flow control (IFC) techniques assist in avoiding information leakage of sensitive data to an observable output. Unfortunately, the various IFC approaches are either imprecise, thus producing many false positive alerts, or they do not scale. Using system dependence graphs (SDGs) to model the syntactic dependencies between different program parts is a highly scalable approach that enables checking whether the observable output depends on the sensitive input. While this approach is sound, the security violations that it reports can be false alarms. We present a technique to overcome these problems by combining two existing approaches in a novel way. We show how each security violation reported by an SDG-based approach can be used to create a simplified program that can then be handled with a second approach to prove or disprove the reported violation. As the second approach, we use deductive verification and test case generation. We show that our approach is sound, and demonstrate its benefits by means of examples. We discuss the challenges of implementing the approach using JOANA and KeY.
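The two-phase idea in the abstract, as an added toy example in Python (not code from the paper, nor from JOANA or KeY). Programs are given as statements already annotated with the def/use sets and control dependences an SDG builder would extract; the reaching-definition rule (only unconditional definitions kill earlier ones) is a simplifying assumption that is sound for the one-level if/else used here. Phase 1 is the syntactic backward slice from the low sink, which is sound but can raise false alarms; phase 2 is only the test-based half of the paper's second step, searching the reported slice for a concrete noninterference counterexample. A slice with no witness is what the paper hands to a deductive verifier; this example just reports it. The three programs and their input ranges are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class Stmt:
    """One statement, pre-annotated the way an SDG builder would annotate it."""
    sid: int
    text: str
    defs: frozenset[str] = frozenset()
    uses: frozenset[str] = frozenset()
    ctrl: Optional[int] = None   # sid of the controlling branch, None = top level


def S(sid: int, text: str, defs: Iterable[str] = (), uses: Iterable[str] = (),
      ctrl: Optional[int] = None) -> Stmt:
    return Stmt(sid, text, frozenset(defs), frozenset(uses), ctrl)


def build_pdg(stmts: list[Stmt]) -> dict[int, set[int]]:
    """Dependence edges sid -> {sids it depends on}: data plus control dependences.
    Assumption: only unconditional definitions kill earlier reaching definitions,
    which over-approximates (stays sound) for the one-level if/else used below."""
    edges: dict[int, set[int]] = {s.sid: set() for s in stmts}
    reaching: dict[str, set[int]] = {}
    for s in stmts:
        for v in s.uses:
            edges[s.sid] |= reaching.get(v, set())        # data dependence
        if s.ctrl is not None:
            edges[s.sid].add(s.ctrl)                      # control dependence
        for v in s.defs:
            if s.ctrl is None:
                reaching[v] = {s.sid}
            else:
                reaching.setdefault(v, set()).add(s.sid)
    return edges


def backward_slice(edges: dict[int, set[int]], sink: int) -> set[int]:
    """All statements the sink transitively depends on (the 'simplified program')."""
    seen: set[int] = set()
    work = [sink]
    while work:
        n = work.pop()
        if n not in seen:
            seen.add(n)
            work.extend(edges[n])
    return seen


def sdg_check(stmts: list[Stmt], sources: set[int], sink: int) -> tuple[set[int], set[int]]:
    """Phase 1 (syntactic, sound): report a violation if any high source lies in
    the backward slice of the low sink. Returns (violating sources, slice)."""
    sl = backward_slice(build_pdg(stmts), sink)
    return sources & sl, sl


def find_witness(prog: Callable[[int, int], int], highs: Iterable[int],
                 lows: Iterable[int]) -> Optional[tuple[int, int, int]]:
    """Phase 2 (testing): search for two runs with equal low input but different
    low output. Such a pair is a concrete noninterference counterexample."""
    for low in lows:
        outputs: dict[int, int] = {}
        for high in highs:
            out = prog(high, low)
            for high0, out0 in outputs.items():
                if out0 != out:
                    return (low, high0, high)
            outputs[high] = out
    return None


def analyse(stmts: list[Stmt], prog: Callable[[int, int], int], sources: set[int],
            sink: int, highs=range(-2, 3), lows=range(0, 2)) -> str:
    violated, sl = sdg_check(stmts, sources, sink)
    if not violated:
        return "secure: no syntactic dependence from high source to low sink"
    witness = find_witness(prog, highs, lows)
    if witness is not None:
        low, h0, h1 = witness
        return f"leak confirmed by test: low={low}, high {h0} vs {h1}"
    return f"no witness found on slice {sorted(sl)}: hand slice to the prover"


# Constructed programs: statement 1 is the high source, print_low the low sink.
# A: real leak through a control dependence.
PROG_A = [S(1, "h = read_high()", defs=["h"]), S(2, "l = read_low()", defs=["l"]),
          S(3, "if h > 0:", uses=["h"]), S(4, "l = l + 1", defs=["l"], uses=["l"], ctrl=3),
          S(5, "print_low(l)", uses=["l"])]
def run_a(high: int, low: int) -> int:
    return low + 1 if high > 0 else low

# B: same SDG shape, but both branches do the same thing, so the SDG alarm is false.
PROG_B = [S(1, "h = read_high()", defs=["h"]), S(2, "l = read_low()", defs=["l"]),
          S(3, "if h > 0:", uses=["h"]), S(4, "l = l + 1", defs=["l"], uses=["l"], ctrl=3),
          S(5, "else: l = l + 1", defs=["l"], uses=["l"], ctrl=3), S(6, "print_low(l)", uses=["l"])]
def run_b(high: int, low: int) -> int:
    return low + 1

# C: the high value is computed but never reaches the sink; phase 2 is not needed.
PROG_C = [S(1, "h = read_high()", defs=["h"]), S(2, "l = read_low()", defs=["l"]),
          S(3, "x = h * 2", defs=["x"], uses=["h"]), S(4, "print_low(l)", uses=["l"])]
def run_c(high: int, low: int) -> int:
    return low

if __name__ == "__main__":
    for name, stmts, prog, sink in (("A", PROG_A, run_a, 5), ("B", PROG_B, run_b, 6), ("C", PROG_C, run_c, 4)):
        print(name, "->", analyse(stmts, prog, {1}, sink))
```

Program B is the case the abstract is about: the sink is control-dependent on the branch that reads the secret, so the SDG soundly reports a violation, yet no pair of runs can distinguish the high inputs, and only a proof over the slice (in the paper, a KeY proof) can discharge the alarm. The witness search here is exhaustive over a small fixed range; real test case generation would pick inputs from the slice's path conditions instead.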



Author information

Correspondence to Mihai Herda, Shmuel Tyszberowicz or Bernhard Beckert.


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper


Cite this paper

Herda, M., Tyszberowicz, S., Beckert, B. (2018). Using Dependence Graphs to Assist Verification and Testing of Information-Flow Properties. In: Dubois, C., Wolff, B. (eds) Tests and Proofs. TAP 2018. Lecture Notes in Computer Science, vol. 10889. Springer, Cham. https://doi.org/10.1007/978-3-319-92994-1_5


  • DOI: https://doi.org/10.1007/978-3-319-92994-1_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-92993-4

  • Online ISBN: 978-3-319-92994-1

  • eBook Packages: Computer Science (R0)
