MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis

Onderzoeksoutput: Conference paper

9 Downloads (Pure)

Samenvatting

Information Flow Control is important for securing applications, primarily to preserve the confidentiality and integrity of applications and the data they process. Statically determining the flows of information for security purposes helps to secure applications early in the development pipeline. However, a sound and precise static analysis is difficult to scale. Modular static analysis is a technique for improving the scalability of static analysis. In this paper, we present an approach for constructing a modular static analysis for performing Information Flow Control for higher-order, imperative programs. A modular analysis requires information about data dependencies between modules. These dependencies arise as a result of information flows between modules, and therefore we piggy-back an Information Flow Control analysis on top of an existing modular analysis. Additionally, the resulting modular Information Flow Control analysis retains the benefits of its modular character. We validate our approach by performing an Information Flow Control analysis on 9 synthetic benchmark programs that contain both explicit and implicit information flows.
Originele taal-2English
TitelProceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE 2023)
UitgeverijScitepress
Pagina's420-427
Aantal pagina's8
Volume1
ISBN van geprinte versie978-989-758-647-7
DOI's
StatusPublished - apr 2023
Evenement18th International Conference on Evaluation of Novel Approaches to Software Engineering - Vienna House by Wyndham Diplomat Prague, Prague, Czech Republic
Duur: 24 apr 202325 apr 2023
https://enase.scitevents.org

Publicatie series

NaamInternational Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings
Volume2023-April
ISSN van elektronische versie2184-4895

Conference

Conference18th International Conference on Evaluation of Novel Approaches to Software Engineering
Verkorte titelENASE 2023
Land/RegioCzech Republic
StadPrague
Periode24/04/2325/04/23
Internet adres

Bibliografische nota

Funding Information:
This work was partially supported by the Research Foundation – Flanders (FWO) (grant No. 11F4822N) and by the Cybersecurity Initiative Flanders.

Publisher Copyright:
Copyright © 2023 by SCITEPRESS - Science and Technology Publications, Lda. Under CC license (CC BY-NC-ND 4.0)

Copyright:
Copyright 2023 Elsevier B.V., All rights reserved.

Vingerafdruk

Duik in de onderzoeksthema's van 'MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis'. Samen vormen ze een unieke vingerafdruk.

Citeer dit