Projects per year
Abstract
Information Flow Control is important for securing applications, primarily to preserve the confidentiality and integrity of applications and the data they process. Statically determining the flows of information for security purposes helps to secure applications early in the development pipeline. However, a sound and precise static analysis is difficult to scale. Modular static analysis is a technique for improving the scalability of static analysis. In this paper, we present an approach for constructing a modular static analysis for performing Information Flow Control for higher-order, imperative programs. A modular analysis requires information about data dependencies between modules. These dependencies arise as a result of information flows between modules, and therefore we piggy-back an Information Flow Control analysis on top of an existing modular analysis. Additionally, the resulting modular Information Flow Control analysis retains the benefits of its modular character. We validate our approach by performing an Information Flow Control analysis on 9 synthetic benchmark programs that contain both explicit and implicit information flows.
Original language | English |
---|---|
Title of host publication | Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE 2023) |
Publisher | Scitepress |
Pages | 420-427 |
Number of pages | 8 |
Volume | 1 |
ISBN (Print) | 978-989-758-647-7 |
DOIs | |
Publication status | Published - Apr 2023 |
Event | 18th International Conference on Evaluation of Novel Approaches to Software Engineering - Vienna House by Wyndham Diplomat Prague, Prague, Czech Republic Duration: 24 Apr 2023 → 25 Apr 2023 https://enase.scitevents.org |
Publication series
Name | International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings |
---|---|
Volume | 2023-April |
ISSN (Electronic) | 2184-4895 |
Conference
Conference | 18th International Conference on Evaluation of Novel Approaches to Software Engineering |
---|---|
Abbreviated title | ENASE 2023 |
Country/Territory | Czech Republic |
City | Prague |
Period | 24/04/23 → 25/04/23 |
Internet address |
Bibliographical note
Funding Information:This work was partially supported by the Research Foundation – Flanders (FWO) (grant No. 11F4822N) and by the Cybersecurity Initiative Flanders.
Publisher Copyright:
Copyright © 2023 by SCITEPRESS - Science and Technology Publications, Lda. Under CC license (CC BY-NC-ND 4.0)
Copyright:
Copyright 2023 Elsevier B.V., All rights reserved.
Keywords
- program analysis
- static analysis
- security
- information flow control
- taint analysis
Fingerprint
Dive into the research topics of 'MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis'. Together they form a unique fingerprint.-
VLAAI2: Cybersecurity Research Program Flanders – second cycle
De Meuter, W., Braeken, A., Devriese, D., Gonzalez Boix, E. & De Roover, C.
1/01/24 → 31/12/28
Project: Applied
-
SRP52: SRP-Onderzoekszwaartepunt: Foundations for Reliable Multi-Paradigm Network-Centric Programming
De Meuter, W., De Roover, C. & Gonzalez Boix, E.
1/03/19 → 29/02/28
Project: Fundamental
-
FWOTM979: Incremental Static Program Analysis through Modularity
De Roover, C. & Van der Plas, J.
1/11/19 → 31/10/23
Project: Fundamental
-
18th International Conference on Evaluation of Novel Approaches to Software Engineering
Jens Van der Plas (Participant)
25 Apr 2023Activity: Participating in or organising an event › Participation in conference
-
MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis
Jens Van der Plas (Speaker)
24 Apr 2023Activity: Talk or presentation › Talk or presentation at a conference
File
Prizes
-
FWO PhD Fellowship fundamental research
Van der Plas, Jens (Recipient), 1 Nov 2019
Prize: Fellowship awarded competitively