Experiences with PDG-Based IFC

Information flow control systems provide the guarantees that are required in today's security-relevant systems. While the literature has produced a wealth of techniques to ensure a given security policy, there is only a small number of implementations, and even these are mostly restricted to theoretical languages or a subset of an existing language. Previously, we presented the theoretical foundations and algorithms for dependence-graph-based information flow control (IFC). As a complement, this paper presents the implementation and evaluation of our new approach, the first implementation of a dependence-graph based analysis that accepts full Java bytecode. It shows that the security policy can be annotated in a succinct manner; and the evaluation shows that the increased runtime of our analysis—a result of being flow-, context-, and object-sensitive—is mitigated by better analysis results and elevated practicability. Finally, we show that the scalability of our analysis is not limited by the sheer size of either the security lattice or the dependence graph that represents the program.
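The noninterference criterion behind PDG-based IFC can be illustrated with a small check: a sink is secure when the join of the security levels provided by all sources in its backward slice is at most the level the sink is allowed to observe. The following is an added example (not JOANA's code or the paper's implementation); it assumes a constructed diamond lattice and a hand-built intraprocedural PDG, and it omits the interprocedural summary edges the paper's object- and context-sensitive analysis relies on.

```python
from collections import deque

# Constructed diamond lattice: PUBLIC <= {PERSONAL, FINANCIAL} <= SECRET
ELEMS = ["PUBLIC", "PERSONAL", "FINANCIAL", "SECRET"]
ORDER = {("PUBLIC", "PERSONAL"), ("PUBLIC", "FINANCIAL"), ("PUBLIC", "SECRET"),
         ("PERSONAL", "SECRET"), ("FINANCIAL", "SECRET")}

def leq(a, b):
    return a == b or (a, b) in ORDER

def join(a, b):
    """Least upper bound: the smallest element above both a and b."""
    ups = [c for c in ELEMS if leq(a, c) and leq(b, c)]
    return next(c for c in ups if all(leq(c, d) for d in ups))

def backward_slice(edges, sink):
    """Reverse reachability over data ("dd") and control ("cd") dependence edges."""
    preds = {}
    for src, dst, _kind in edges:
        preds.setdefault(dst, []).append(src)
    seen, work = {sink}, deque([sink])
    while work:
        n = work.popleft()
        for p in preds.get(n, []):
            if p not in seen:
                seen.add(p)
                work.append(p)
    return seen

def check_sinks(edges, provided, required):
    """Per sink: (secure?, join of the levels provided inside its backward slice)."""
    result = {}
    for sink, req in required.items():
        actual = "PUBLIC"  # bottom of the lattice
        for n in backward_slice(edges, sink):
            if n in provided:
                actual = join(actual, provided[n])
        result[sink] = (leq(actual, req), actual)
    return result

# Constructed PDG (hypothetical program, node ids are statement numbers):
#  1: pin = readPin()     2: x = pin % 10        3: if (x > 5)
#  4:   y = 1             5: else y = 0          6: log(y)      # implicit flow via node 3
#  7: name = readName()   8: acct = readAccount()
#  9: show(name + acct)  10: greet(name)
EDGES = [(1, 2, "dd"), (2, 3, "dd"), (3, 4, "cd"), (3, 5, "cd"), (4, 6, "dd"),
         (5, 6, "dd"), (7, 9, "dd"), (8, 9, "dd"), (7, 10, "dd")]
PROVIDED = {1: "SECRET", 7: "PERSONAL", 8: "FINANCIAL"}   # source annotations
REQUIRED = {6: "PUBLIC", 9: "SECRET", 10: "PERSONAL"}     # sink annotations

if __name__ == "__main__":
    for sink, (ok, lvl) in check_sinks(EDGES, PROVIDED, REQUIRED).items():
        print(f"sink {sink}: {'ok' if ok else 'VIOLATION'} (slice provides {lvl})")
```

Node 6 is flagged although no data edge carries the PIN to it: the control dependence on the branch at node 3 places the SECRET source in its slice, which is how the PDG captures implicit flows without a separate rule.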
