MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis

Research output: Chapter in Book/Report/Conference proceedingConference paper

10 Downloads (Pure)

Abstract

Information Flow Control is important for securing applications, primarily to preserve the confidentiality and integrity of applications and the data they process. Statically determining the flows of information for security purposes helps to secure applications early in the development pipeline. However, a sound and precise static analysis is difficult to scale. Modular static analysis is a technique for improving the scalability of static analysis. In this paper, we present an approach for constructing a modular static analysis for performing Information Flow Control for higher-order, imperative programs. A modular analysis requires information about data dependencies between modules. These dependencies arise as a result of information flows between modules, and therefore we piggy-back an Information Flow Control analysis on top of an existing modular analysis. Additionally, the resulting modular Information Flow Control analysis retains the benefits of its modular character. We validate our approach by performing an Information Flow Control analysis on 9 synthetic benchmark programs that contain both explicit and implicit information flows.
Original languageEnglish
Title of host publicationProceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE 2023)
PublisherScitepress
Pages420-427
Number of pages8
Volume1
ISBN (Print)978-989-758-647-7
DOIs
Publication statusPublished - Apr 2023
Event18th International Conference on Evaluation of Novel Approaches to Software Engineering - Vienna House by Wyndham Diplomat Prague, Prague, Czech Republic
Duration: 24 Apr 202325 Apr 2023
https://enase.scitevents.org

Publication series

NameInternational Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings
Volume2023-April
ISSN (Electronic)2184-4895

Conference

Conference18th International Conference on Evaluation of Novel Approaches to Software Engineering
Abbreviated titleENASE 2023
Country/TerritoryCzech Republic
CityPrague
Period24/04/2325/04/23
Internet address

Bibliographical note

Funding Information:
This work was partially supported by the Research Foundation – Flanders (FWO) (grant No. 11F4822N) and by the Cybersecurity Initiative Flanders.

Publisher Copyright:
Copyright © 2023 by SCITEPRESS - Science and Technology Publications, Lda. Under CC license (CC BY-NC-ND 4.0)

Copyright:
Copyright 2023 Elsevier B.V., All rights reserved.

Keywords

  • program analysis
  • static analysis
  • security
  • information flow control
  • taint analysis

Fingerprint

Dive into the research topics of 'MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis'. Together they form a unique fingerprint.

Cite this