Abstract
We consider while-language programs with variables of two security types: low and high. Security static analysis of information flows of such programs identifies insecure information flows which can cause leaks. Semantic rules of such an analysis which was proposed in [6] assign security types for expressions, statements and compositions of statements. We use these rules to propose an algorithm of security static analysis tries to discover a security type of the program under consideration. If such a type can be assigned, information flows of the program are secure; otherwise, it contains insecure information flows. We have used flex and bison [5] tools to implement a translator for a while-language into the MMIX computer [2] instruction sequence.
Similar content being viewed by others
References
Devyanin, P.N., Modeli bezopasnosti kompjuternyh sistem: Uchebnoe posobie dlja studentov vysshih uchebnyh zavedenii (Models of Computer System Security. A Tutorial for Students of Higher Educational Institutes) Moscow: Akademija, 2005.
Knuth, D.E., The Art of Computer Programming. MMIX-A RISC Computer for the New Millenium, vol. 1, fasc. 1, Addison-Wesley Professional, 2005.
Grune, D. and Jacobs, C.J.H., Parsing Techniques. A Practical Guide, Springer-Verlag, 2008, 2nd ed.
Hoare, C.A.R., An axiomatic basis for computer programming, Commun. ACM, 1969, vol. 12, pp. 576–580.
Levine, J., Flex and Bison. O’Reilly Media, 2009.
Sabelfeld, A. and Myers, A.C., Language-based information-flow security, IEEE J. Selected Areas in Commun., 2003, vol. 21, pp. 5–19.
SWHILE-while-language translator with security types, www:https://bitbucket.org/kafti/swhile. since 22.04.2014
Author information
Authors and Affiliations
Corresponding author
Additional information
The article is published in the original.
About this article
Cite this article
Antoshina, E.J., Barakova, A.N., Nikitin, E.S. et al. A translator with a security static analysis feature of an information flow for a simple programming language. Aut. Control Comp. Sci. 48, 589–593 (2014). https://doi.org/10.3103/S0146411614070177
Received:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411614070177