research-article

Effective blame for information-flow violations

Authors:

Sanjit A. SeshiaAuthors Info & Claims

SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering

Pages 250 - 260

https://doi.org/10.1145/1453101.1453135

Published: 09 November 2008 Publication History

Abstract

Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.

References

[1]

T.J. Watson Libraries for Analysis. http://wala.sourceforge.net.

[2]

Askarov, A., and Sabelfeld, A. Secure implementation of cryptographic protocols: A case study of mutual distrust. In ESORICS '05.

Digital Library

[3]

Ball, T., Naik, M., and Rajamani, S. K. From symptom to cause: localizing errors in counterexample traces. In POPL '03, pp. 97--105.

Digital Library

[4]

Bieber, P., Cazin, J., Marouani, A. E., Girard, P., Lanet, J.-L., Wiels, V., and Zanon, G. The PACAP prototype: A tool for detecting Java Card illegal flow. Java Card Workshop (2000), 25--37.

Digital Library

[5]

Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., and Rival, X. A static analyzer for large safety-critical software. In PLDI (2003).

Digital Library

[6]

Chong, S., Vikram, K., and Myers, A. C. Sif: Enforcing confidentiality and integrity in web applications. In USENIX Security (2007).

Digital Library

[7]

Cytron, R., Ferrante, J., Rosen, B. K., Wegman, M. N., and Zadeck, F. K. Efficiently computing static single assignment form and the control dependence graph. TOPLAS 13, 4 (Oct 1991), 451--490.

Digital Library

[8]

Deng, Z., and Smith, G. Type inference and informative error reporting for secure information flow. In ACM-SE 44 (New York, NY, USA, 2006).

Digital Library

[9]

Denning, D. E. A lattice model of secure information flow. Commun. ACM 19, 5 (1976), 236--243.

Digital Library

[10]

Denning, D. E., and Denning, P. J. Certification of programs for secure information flow. Commun. ACM 20, 7 (1977), 504--513.

Digital Library

[11]

E. M. Clarke, O. Grumberg, K. L. McMillan, and X. Zhao. Efficient Generation of Counterexamples and Witnesses in Symbolic Model Checking. In DAC '95 (San Francisco, CA, USA, 1995), pp. 427--432.

Digital Library

[12]

Foster, J. S., Fähndrich, M., and Aiken, A. A theory of type qualifiers. In PLDI (1999).

Digital Library

[13]

Hammer, C., Krinke, J., and Snelting, G. Information flow control for Java based on path conditions in dependence graphs. In Proceedings of the IEEE International Symposium on Secure Software Engineering (2006).

Digital Library

[14]

Hangal, S., and Lam, M. S. Tracking down software bugs using automatic anomaly detection. In ICSE (2002).

Digital Library

[15]

Hicks, B., Ahmadizadeh, K., and McDaniel, P. Understanding practical application development in security-typed languages. In ACSAC '06, IEEE Computer Society.

Digital Library

[16]

Horwitz, S., Reps, T., and Binkley, D. Interprocedural slicing using dependence graphs. ACM Trans. Program. Lang. Syst. 12, 1 (1990), 26--60.

Digital Library

[17]

Johnson, R., and Wagner, D. Finding user/kernel pointer bugs with type inference. In USENIX (2004).

Digital Library

[18]

King, D., Jaeger, T., Jha, S., and Seshia, S. A. Effective blame for information flow violations. Tech. Rep. NAS-TR-0069-2007 (Updated March 2008), The Pennsylvania State University, 2008.

Digital Library

[19]

Myers, A. C. JFlow: Practical mostly-static information flow control. In POPL '99, pp. 228--241.

Digital Library

[20]

Myers, A. C., Nystrom, N., Zheng, L., and Zdancewic, S. Jif: Java + Information Flow. http://www.cs.cornell.edu/jif.

[21]

Pottier, F., and Simonet, V. Information flow inference for ML. In POPL '02, pp. 319--330.

Digital Library

[22]

Rehof, J., and Mogensen, T. A. Tractable constraints in finite semilattices. Science of Computer Programming 35, 2--3 (1999), 191--221.

Digital Library

[23]

Renieris, M., and Reiss, S. P. Fault localization with nearest neighbor queries. In ASE (2003).

[24]

Robschink, T., and Snelting, G. Efficient path conditions in dependence graphs. In ICSE (2002), pp. 478--488.

Digital Library

[25]

Sharir, M., and Pnueli, A. Two approaches to interprocedural dataflow analysis. In Program Flow Analysis: Theory and Applications (1981), Prentice Hall, pp. 189--234.

[26]

Smith, S. F., and Thober, M. Refactoring programs to secure information flows. In PLAS (2006).

Digital Library

[27]

Tip, F. A survey of program slicing techniques. Journal of programming languages 3 (1995), 121--189.

[28]

Wand, M. Finding the source of type errors. In POPL '86 (1986), ACM Press, pp. 38--43.

Digital Library

[29]

Weiser, M. Program slicing. In ICSE (1981).

Digital Library

[30]

Zhang, X., Edwards, A., and Jaeger, T. Using CQUAL for static analysis of authorization hook placement. In USENIX (2002).

Digital Library

Cited By

Deng CCousot P(2019)Responsibility Analysis by Abstract InterpretationStatic Analysis10.1007/978-3-030-32304-2_18(368-388)Online publication date: 2-Oct-2019
https://doi.org/10.1007/978-3-030-32304-2_18
Sjösten AHedin DSabelfeld A(2018)Information Flow Tracking for Side-Effectful LibrariesFormal Techniques for Distributed Objects, Components, and Systems10.1007/978-3-319-92612-4_8(141-160)Online publication date: 30-May-2018
https://doi.org/10.1007/978-3-319-92612-4_8
Zhang DMyers AVytiniotis DPeyton-Jones S(2017)SHErrLocACM Transactions on Programming Languages and Systems10.1145/312113739:4(1-47)Online publication date: 17-Aug-2017
https://dl.acm.org/doi/10.1145/3121137
Show More Cited By

Index Terms

Effective blame for information-flow violations
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Formal software verification
  2. Software organization and properties
    1. Software functional properties
      1. Formal methods

Recommendations

Language-based information-flow security

Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret ...
The effects of multilevel sanctions on information security violations: A mediating model

We proposed and empirically tested a mediating model for examining the effects of multilevel sanctions on preventing information security violations in the workplace. The results of the experiment suggested that personal self-sanctions and workgroup ...
Examining Information Security Policy Violations, Rationalization of Deviant Behaviors, and Preventive Strategies

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGSOFT '08/FSE-16: Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering

November 2008

369 pages

ISBN:9781595939951

DOI:10.1145/1453101

General Chair:
Mary Jean Harrold
Georgia Institute of Technology
,
Program Chair:
Gail C. Murphy
University of British Columbia

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

SIGSOFT '08/FSE-16

Sponsor:

SIGSOFT

SIGSOFT '08/FSE-16: SIGSOFT 2008 -16th International Symposium on the Foundations of Software Engineering

November 9 - 14, 2008

Georgia, Atlanta

Acceptance Rates

Overall Acceptance Rate 17 of 128 submissions, 13%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
332
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Deng CCousot P(2019)Responsibility Analysis by Abstract InterpretationStatic Analysis10.1007/978-3-030-32304-2_18(368-388)Online publication date: 2-Oct-2019
https://doi.org/10.1007/978-3-030-32304-2_18
Sjösten AHedin DSabelfeld A(2018)Information Flow Tracking for Side-Effectful LibrariesFormal Techniques for Distributed Objects, Components, and Systems10.1007/978-3-319-92612-4_8(141-160)Online publication date: 30-May-2018
https://doi.org/10.1007/978-3-319-92612-4_8
Zhang DMyers AVytiniotis DPeyton-Jones S(2017)SHErrLocACM Transactions on Programming Languages and Systems10.1145/312113739:4(1-47)Online publication date: 17-Aug-2017
https://dl.acm.org/doi/10.1145/3121137
Hedin DSjösten APiessens FSabelfeld A(2017)A Principled Approach to Tracking Information Flow in the Presence of LibrariesProceedings of the 6th International Conference on Principles of Security and Trust - Volume 1020410.1007/978-3-662-54455-6_3(49-70)Online publication date: 22-Apr-2017
https://dl.acm.org/doi/10.1007/978-3-662-54455-6_3
Khlie KSerrou DAbouabdellah A(2016)The impact of Lean-logistics and the information system on the information flow management within the healthcare supply chain2016 11th International Conference on Intelligent Systems: Theories and Applications (SITA)10.1109/SITA.2016.7772315(1-5)Online publication date: Oct-2016
https://doi.org/10.1109/SITA.2016.7772315
Zhang DMyers A(2014)Toward general diagnosis of static errorsACM SIGPLAN Notices10.1145/2578855.253587049:1(569-581)Online publication date: 8-Jan-2014
https://dl.acm.org/doi/10.1145/2578855.2535870
Zhang DMyers AJagannathan SSewell P(2014)Toward general diagnosis of static errorsProceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages10.1145/2535838.2535870(569-581)Online publication date: 11-Jan-2014
https://dl.acm.org/doi/10.1145/2535838.2535870
Weijers JHage JHoldermans S(2014)Security type error diagnosis for higher-order, polymorphic languagesScience of Computer Programming10.1016/j.scico.2014.03.01195:P2(200-218)Online publication date: 1-Dec-2014
https://dl.acm.org/doi/10.1016/j.scico.2014.03.011
Weijers JHage JHoldermans SAlbert EMu S(2013)Security type error diagnosis for higher-order, polymorphic languagesProceedings of the ACM SIGPLAN 2013 workshop on Partial evaluation and program manipulation10.1145/2426890.2426894(3-12)Online publication date: 21-Jan-2013
https://dl.acm.org/doi/10.1145/2426890.2426894
Hun Eom YDemsky B(2013)Sinfer: Inferring information flow lattices for checking self-stabilization2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE.2013.6698925(258-267)Online publication date: Nov-2013
https://doi.org/10.1109/ISSRE.2013.6698925
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten