Abstract
Information flow control systems provide the guarantees that are required in today’s security-relevant systems. While the literature has produced a wealth of techniques to ensure a given security policy, there is only a small number of implementations, and even these are mostly restricted to theoretical languages or a subset of an existing language.
Previously, we presented the theoretical foundations and algorithms for dependence-graph-based information flow control (IFC). As a complement, this paper presents the implementation and evaluation of our new approach, the first implementation of a dependence-graph based analysis that accepts full Java bytecode. It shows that the security policy can be annotated in a succinct manner; and the evaluation shows that the increased runtime of our analysis—a result of being flow-, context-, and object-sensitive—is mitigated by better analysis results and elevated practicability. Finally, we show that the scalability of our analysis is not limited by the sheer size of either the security lattice or the dependence graph that represents the program.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Aït-Kaci, H., Boyer, R., Lincoln, P., Nasr, R.: Efficient implementation of lattice operations. ACM TOPLAS 11(1), 115–146 (1989)
Amtoft, T., Bandhakavi, S., Banerjee, A.: A logic for information flow in object-oriented programs. In: POPL 2006, pp. 91–102. ACM, New York (2006)
Askarov, A., Sabelfeld, A.: Security-typed languages for implementation of cryptographic protocols: A case study. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 197–221. Springer, Heidelberg (2005)
Barthe, G., Pichardie, D., Rezk, T.: A certified lightweight non-interference Java bytecode verifier. In: De Nicola, R. (ed.) ESOP 2007. LNCS, vol. 4421, pp. 125–140. Springer, Heidelberg (2007)
Bieber, P., Cazin, J., Marouani, A.E., Girard, P., Lanet, J.L., Wiels, V., Zanon, G.: The PACAP prototype: a tool for detecting Java Card illegal flow. In: Attali, I., Jensen, T. (eds.) JavaCard 2000. LNCS, vol. 2041, pp. 25–37. Springer, Heidelberg (2001)
Binkley, D., Harman, M., Krinke, J.: Empirical study of optimization techniques for massive slicing. ACM TOPLAS 30(1), 3 (2007)
Chandra, D., Franz, M.: Fine-grained information flow analysis and enforcement in a Java virtual machine. In: 23rd Annual Computer Security Applications Conference, pp. 463–475. IEEE, Los Alamitos (2007)
Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM TOPLAS 9(3), 319–349 (1987)
Ganguly, D.D., Mohan, C.K., Ranka, S.: A space-and-time-efficient coding algorithm for lattice computations. IEEE Trans. on Knowl. and Data Eng. 6(5), 819–829 (1994)
Genaim, S., Spoto, F.: Information flow analysis for Java bytecode. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 346–362. Springer, Heidelberg (2005)
Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Symposium on Security and Privacy, pp. 75–86. IEEE, Los Alamitos (1984)
Hammer, C.: Information flow control for Java - a comprehensive approach based on path conditions in dependence graphs. Ph.D. thesis, Universität Karlsruhe (TH), Fak. f. Informatik (2009), URN urn=urn:nbn:de:0072-120494
Hammer, C., Schaade, R., Snelting, G.: Static path conditions for Java. In: PLAS 2008, pp. 57–66. ACM, New York (2008)
Hammer, C., Snelting, G.: Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs. Int. Journal of Information Security 8(6), 399–422 (2009)
Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. ACM TOPLAS 12(1), 26–60 (1990)
Hubert, L.: A non-null annotation inferencer for Java bytecode. In: PASTE 2008, pp. 36–42. ACM, New York (2008)
Hunt, S., Sands, D.: On flow-sensitive security types. In: POPL 2006, pp. 79–90. ACM, New York (2006)
Myers, A.C., Chong, S., Nystrom, N., Zheng, L., Zdancewic, S.: Jif: Java information flow, http://www.cs.cornell.edu/jif/
Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM TOSEM 9(4), 410–442 (2000)
Sabelfeld, A., Myers, A.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security 17(5), 517–548 (2009)
Smith, S.F., Thober, M.: Improving usability of information flow security in Java. In: PLAS 2007, pp. 11–20. ACM, New York (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hammer, C. (2010). Experiences with PDG-Based IFC. In: Massacci, F., Wallach, D., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2010. Lecture Notes in Computer Science, vol 5965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11747-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-11747-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11746-6
Online ISBN: 978-3-642-11747-3
eBook Packages: Computer ScienceComputer Science (R0)