Information Flow Control and Taint Analysis with Dependence Graphs

• For critical systems, formal approaches are needed. One is (static) information flow control, which analyzes the software to check whether it conforms to some security policy. An example is noninterference: secret information does not influence the publicly observable behavior of a system.

• Many informal approaches can be subsumed under bug detection. A violation of some security policy can be regarded as a bug, and therefore many bug detection approaches do some kind of taint analysis. Data from untrusted sources (e.g. the user) is tainted and is not allowed to reach exploitable functions like system calls vulnerable to buffer overruns.
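
The following added example (not code from the paper) checks both policies above as reachability in a dependence graph. It also shows that following data edges alone misses the implicit flow through the branch. The program, node numbers, edge list and function names are constructed for illustration.

```python
from collections import deque

# Constructed program (hypothetical), one node per statement:
#   1: pin  = read_secret()     secret source
#   2: name = read_input()      untrusted source
#   3: if pin == 0:
#   4:     msg = "zero"
#   5: else: msg = "nonzero"
#   6: print(msg)               public output
#   7: cmd = "ls " + name
#   8: system(cmd)              exploitable sink
#   9: print("done")            public output, depends on no source
EDGES = [
    (1, 3, "data"), (3, 4, "control"), (3, 5, "control"),
    (4, 6, "data"), (5, 6, "data"), (2, 7, "data"), (7, 8, "data"),
]

def find_path(edges, source, sink, kinds=("data", "control")):
    """Shortest dependence path source -> sink, or None if there is none."""
    succ = {}
    for a, b, kind in edges:
        if kind in kinds:
            succ.setdefault(a, []).append(b)
    parent, queue = {source: None}, deque([source])
    while queue:
        node = queue.popleft()
        if node == sink:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in succ.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def violations(edges, sources, sinks, kinds=("data", "control")):
    """(source, sink, path) for every source that can influence a sink."""
    pairs = ((s, t, find_path(edges, s, t, kinds)) for s in sources for t in sinks)
    return [(s, t, p) for s, t, p in pairs if p]

if __name__ == "__main__":
    print("noninterference:", violations(EDGES, [1], [6, 9]))
    print("taint:          ", violations(EDGES, [2], [8]))
    print("data edges only:", violations(EDGES, [1], [6, 9], kinds=("data",)))
```

The returned path is the witness an analyst would inspect: the secret reaches the first public output only through the control dependence at statement 3.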
