An empirical study of the strength of information flows in programs

Dynamic information flow analysis aims at monitoring the flow of information among objects in an executing program. It is based on the assumption that if two objects are connected by a sequence of dynamic data and/or control dependences, then information actually flows between them. This paper seeks to empirically verify the validity of this assumption and to explore the relationship between the strength of an information flow and its length.
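
The following is an added example, not code from the paper. It builds a constructed chain of data and control dependences and measures how much of the source each later object still carries. Using mutual information as the strength measure is an assumption made here, as are the toy program and the function names; the page does not state the paper's own metric.

```python
import math
from collections import Counter

def chain(x):
    """Constructed toy program: every object depends on the one before it."""
    a = x & 0x0F             # data dependence on x (keeps the low 4 bits)
    b = a >> 2               # data dependence on a (keeps 2 bits)
    c = 1 if b > 0 else 0    # control dependence on b
    d = c * 0                # data dependence on c, yet carries nothing
    return [x, a, b, c, d]

def entropy_bits(values):
    """Shannon entropy, in bits, of the empirical distribution of values."""
    n = len(values)
    return sum(-(k / n) * math.log2(k / n) for k in Counter(values).values())

def flow_strengths(source_domain=range(256)):
    """Mutual information I(x; v) in bits for each object v in the chain.

    x is uniform over source_domain and every v is a deterministic
    function of x, so H(v | x) = 0 and I(x; v) reduces to H(v).
    """
    runs = [chain(x) for x in source_domain]
    return [entropy_bits(column) for column in zip(*runs)]

if __name__ == "__main__":
    # "length" is the number of dependence edges between x and the object.
    for length, (name, bits) in enumerate(zip("xabcd", flow_strengths())):
        print(f"length {length}: I(x; {name}) = {bits:.3f} bits")
```

The last object is reachable from the source through a dependence chain of length 4 but receives 0 bits, which is the case the abstract's assumption would misclassify as a flow.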
