DOI: 10.1145/1368310.1368329

Secure slices of insecure programs

Published: 18 March 2008

Abstract

This paper deals with the problem of protecting the confidentiality of data manipulated by sequential programs. In this context, secure information flow refers to the guarantee that program executions are free of unauthorized flows of secret information into public channels. There are two established means of enforcing information flow policies: static analyses, which are performed at compile time and guarantee that all program executions are free of unauthorized flows; and runtime monitoring, which dynamically detects and neutralizes invalid flows in the current run.
Both approaches have their advantages and disadvantages. The main disadvantage of static information flow control (IFC) is that it does not distinguish between secure and insecure executions of the same program, so whole programs are rejected in the presence of possible invalid flows. Dynamic IFC, on the contrary, rejects only insecure executions. This precision comes at the price of the execution overhead imposed by tracking information flow dynamically.
This work presents secure slicing, a technique that statically transforms potentially insecure (interfering) programs into secure (non-interfering) ones. Our approach combines static information flow analysis with program transformation: if invalid flows are detected, instead of rejecting the whole program we transform it to eliminate the invalid flows. In this way we alleviate the drawbacks of both the static and the dynamic approach: we neither reject whole programs nor impose run-time overhead. The resulting program can be seen as a secure slice of the source program, one that can be executed without risk of information leaks.
In this work we also show that secure slices can be computed for programs that intentionally release secret information, and that the technique can be applied to real programming languages such as Java.
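The transformation the abstract describes, as an added example that is not the paper's code or its exact algorithm: a forward dependence analysis over a small constructed intermediate representation (tuples for assignments and conditionals, an assumption of this example) marks every statement whose value depends on a secret input, the same facts yield the backward slice of the public outputs, and the secure slice deletes the assignments that are both secret-dependent and inside that slice. The sample program, the variable names secret, tmp, pub, count, flag and audit, and the labelling of inputs and outputs are all constructed here; loops are not modelled and the check is termination-insensitive.

```python
"""Secure slicing on a toy intermediate representation (added example, not the paper's code).

Statements are tuples of an assumed IR:
    ("assign", target, uses)   target := some expression reading the variables in `uses`
    ("if", cond_uses, body)    conditional whose guard reads `cond_uses`; body is a list
Loops are not modelled and the check is termination-insensitive.
"""
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Path = Tuple[int, ...]                 # position of a statement; (3, 0) is the 1st stmt in the 4th stmt's body
Fact = Tuple[bool, FrozenSet[Path]]    # (depends on a secret input?, statements the value depends on)


def lookup(env: Dict[str, Fact], v: str, high: Set[str]) -> Fact:
    """A variable not assigned yet is an input: it is secret iff it is listed in `high`."""
    return env.get(v, (v in high, frozenset()))


def analyse(stmts: List[tuple], high: Set[str], pc: Fact = (False, frozenset()),
            env: Optional[Dict[str, Fact]] = None, path: Path = (),
            info: Optional[Dict[Path, Fact]] = None):
    """Forward dependence analysis with the enclosing guards as program counter `pc`.

    Returns (env, info): env maps each variable to the Fact for its final value, info maps
    each statement's Path to the Fact for that statement.  Facts carry data dependences
    (through the variables read) and control dependences (through `pc`) and are
    transitively closed, so the path set of a Fact is already a backward slice.
    """
    env = {} if env is None else env
    info = {} if info is None else info
    for i, s in enumerate(stmts):
        p = path + (i,)
        uses = s[2] if s[0] == "assign" else s[1]
        facts = [lookup(env, v, high) for v in uses]
        tainted = pc[0] or any(f[0] for f in facts)
        deps = pc[1] | {p} | frozenset().union(*(f[1] for f in facts))
        info[p] = (tainted, deps)
        if s[0] == "assign":
            env[s[1]] = (tainted, deps)      # strong update: the old value is overwritten
            continue
        before = dict(env)
        analyse(s[2], high, (tainted, deps), env, p, info)
        for v in set(env) | set(before):     # merge the two paths through the conditional
            a, b = lookup(env, v, high), lookup(before, v, high)
            if a != b:                       # assigned in the body: value depends on the guard
                env[v] = (a[0] or b[0], a[1] | b[1])
    return env, info


def is_noninterfering(stmts, high, low_out) -> bool:
    """The static check: accept the program iff no public output depends on a secret."""
    env, _ = analyse(stmts, high)
    return not any(lookup(env, v, high)[0] for v in low_out)


def secure_slice(stmts, high, low_out) -> List[tuple]:
    """Drop every assignment that both depends on a secret and reaches a public output."""
    env, info = analyse(stmts, high)
    relevant = frozenset().union(*(lookup(env, v, high)[1] for v in low_out))
    doomed = {p for p in relevant if info[p][0]}
    return _prune(stmts, doomed)


def _prune(stmts, doomed, path=()):
    out = []
    for i, s in enumerate(stmts):
        p = path + (i,)
        if s[0] == "assign":
            if p not in doomed:
                out.append(s)
        else:
            body = _prune(s[2], doomed, p)
            if body:                         # a guard with nothing left to guard is dropped
                out.append(("if", s[1], body))
    return out


# Constructed sample program: an interfering program the static check would reject outright.
PROGRAM = [
    ("assign", "tmp", {"secret"}),           # tmp := secret + 1
    ("assign", "pub", {"tmp"}),              # pub := tmp            explicit flow, illicit
    ("assign", "count", {"count"}),          # count := count + 1    public, fine
    ("if", {"secret"}, [                     # if secret > 0:
        ("assign", "flag", {"count"}),       #     flag := count     implicit flow, illicit
        ("assign", "audit", {"secret"}),     #     audit := secret   secret sink, fine
    ]),
]
HIGH = {"secret"}                            # secret inputs
LOW_OUT = {"pub", "count", "flag"}           # publicly observable outputs

if __name__ == "__main__":
    print("original accepted:", is_noninterfering(PROGRAM, HIGH, LOW_OUT))
    sliced = secure_slice(PROGRAM, HIGH, LOW_OUT)
    print("secure slice:", sliced)
    print("slice accepted:", is_noninterfering(sliced, HIGH, LOW_OUT))
```

Run as a script, the original program fails is_noninterfering (pub copies secret explicitly and flag is assigned under a guard on secret), while the slice keeps the untainted counter and the assignment to the secret variable audit and passes the same static check, which is the property the abstract claims for secure slices. The transformation here is deliberately coarse: a real implementation works on a program dependence graph with reaching definitions and has to account for declassification, exceptions and loops.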


Published In

ASIACCS '08: Proceedings of the 2008 ACM symposium on Information, computer and communications security
March 2008
399 pages
ISBN:9781595939791
DOI:10.1145/1368310
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. information flow
  2. non-interference
  3. program dependences
  4. program slicing

Qualifiers

  • Research-article

Conference

Asia CCS '08

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 2
  • Downloads (last 6 weeks): 1
Reflects downloads up to 15 Jan 2025

Cited By
  • (2015) Language-based security analysis of database applications. Proceedings of the 2015 Third International Conference on Computer, Communication, Control and Information Technology (C3IT), pp. 1-4. DOI: 10.1109/C3IT.2015.7060109. Online publication date: Feb-2015.
  • (2015) Data Leakage Analysis of the Hibernate Query Language on a Propositional Formulae Domain. Transactions on Large-Scale Data- and Knowledge-Centered Systems XXIII, Volume 9480, pp. 23-44. DOI: 10.1007/978-3-662-49175-1_2. Online publication date: 1-Sep-2015.
  • (2015) Datacentric Semantics for Verification of Privacy Policy Compliance by Mobile Applications. Proceedings of the 16th International Conference on Verification, Model Checking, and Abstract Interpretation, Volume 8931, pp. 61-79. DOI: 10.1007/978-3-662-46081-8_4. Online publication date: 12-Jan-2015.
  • (2015) Data-Centric Refinement of Information Flow Analysis of Database Applications. Security in Computing and Communications, pp. 506-518. DOI: 10.1007/978-3-319-22915-7_46. Online publication date: 8-Aug-2015.
  • (2015) Sampling a Two-Way Finite Automaton. Automata, Universality, Computation, pp. 103-115. DOI: 10.1007/978-3-319-09039-9_4. Online publication date: 2015.
  • (2014) Information leakage analysis of database query languages. Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 813-820. DOI: 10.1145/2554850.2554862. Online publication date: 24-Mar-2014.
  • (2012) Secure multi-execution through static program transformation. Proceedings of the 14th joint IFIP WG 6.1 international conference and Proceedings of the 32nd IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems, pp. 186-202. DOI: 10.1007/978-3-642-30793-5_12. Online publication date: 13-Jun-2012.
