Article

Quantitative Input Usage Static Analysis

DOI: 10.1007/978-3-031-60698-4_5

Published: 04 June 2024

Abstract

Programming errors in software applications may produce plausible yet erroneous results without any clear indication of failure. This happens, for instance, when certain inputs have a disproportionate impact on the program result. To address this issue, we propose a novel quantitative static analysis that determines the impact of inputs on the program computations and is parametrized by the definition of impact. The analysis employs an underlying abstract backward analyzer and computes a sound over-approximation of the impact of program inputs, providing valuable insights into how the analyzed program handles them. We implement a proof-of-concept static analyzer to demonstrate potential applications.


Published In

NASA Formal Methods: 16th International Symposium, NFM 2024, Moffett Field, CA, USA, June 4–6, 2024, Proceedings
Jun 2024
446 pages
ISBN:978-3-031-60697-7
DOI:10.1007/978-3-031-60698-4
Editors: Nathaniel Benz, Divya Gopinath, Nija Shi

Publisher

Springer-Verlag

Berlin, Heidelberg

