Article

Dynamic vs. Static Flow-Sensitive Security Analysis

Authors:

Alejandro Russo,

Andrei SabelfeldAuthors Info & Claims

CSF '10: Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium

Pages 186 - 199

https://doi.org/10.1109/CSF.2010.20

Published: 17 July 2010 Publication History

Publisher Site

Abstract

This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure programs. It has been also shown that sound purely dynamic information-flow enforcement is more permissive than static analysis in the flow-insensitive case. We argue that the step from flow-insensitive to flow-sensitive is fundamentally limited for purely dynamic information-flow controls. We prove impossibility of a sound purely dynamic information-flow monitor that accepts programs certified by a classical flow-sensitive static analysis. A side implication is impossibility of permissive dynamic instrumented security semantics for information flow, which guides us to uncover an unsound semantics from the literature. We present a general framework for hybrid mechanisms that is parameterized in the static part and in the reaction method of the enforcement (stop, suppress, or rewrite) and give security guarantees with respect to termination-insensitive noninterference for a simple language with output.

Cited By

View all

Beardsley VSridharan M(2024)Static-Dynamic Information Flow Control in RustCompanion Proceedings of the 2024 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity10.1145/3689491.3691820(16-18)Online publication date: 20-Oct-2024
https://dl.acm.org/doi/10.1145/3689491.3691820
Chen TSiek J(2024)Quest Complete: The Holy Grail of Gradual SecurityProceedings of the ACM on Programming Languages10.1145/36564428:PLDI(1609-1632)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656442
McCall MBichhawat AJia LMeng WJensen CCremers CKirda E(2023)Tainted Secure Multi-Execution to Restrict Attacker InfluenceProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623110(1732-1745)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623110
Show More Cited By

Recommendations

Semi-sparse flow-sensitive pointer analysis
POPL '09

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...
Semi-sparse flow-sensitive pointer analysis
POPL '09: Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Pointer analysis is a prerequisite for many program analyses, and the effectiveness of these analyses depends on the precision of the pointer information they receive. Two major axes of pointer analysis precision are flow-sensitivity and context-...
Static flow-sensitive & context-sensitive information-flow analysis for software product lines: position paper
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for Security

A software product line encodes a potentially large variety of software products as variants of some common code base, e.g., through the use of #ifdef statements or other forms of conditional compilation. Traditional information-flow analyses cannot ...

Comments

Information & Contributors

Information

Published In

CSF '10: Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium

July 2010

333 pages

ISBN:9780769540825

Publisher

IEEE Computer Society

United States

Publication History

Published: 17 July 2010

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

65
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Beardsley VSridharan M(2024)Static-Dynamic Information Flow Control in RustCompanion Proceedings of the 2024 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity10.1145/3689491.3691820(16-18)Online publication date: 20-Oct-2024
https://dl.acm.org/doi/10.1145/3689491.3691820
Chen TSiek J(2024)Quest Complete: The Holy Grail of Gradual SecurityProceedings of the ACM on Programming Languages10.1145/36564428:PLDI(1609-1632)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656442
McCall MBichhawat AJia LMeng WJensen CCremers CKirda E(2023)Tainted Secure Multi-Execution to Restrict Attacker InfluenceProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623110(1732-1745)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623110
Bichhawat ARajani VGarg DHammer C(2021)Permissive runtime information flow control in the presence of exceptionsJournal of Computer Security10.3233/JCS-21138529:4(361-401)Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.3233/JCS-211385
Khakpour N(2021)A Field-Sensitive Security Monitor for Object-Oriented ProgramsComputers and Security10.1016/j.cose.2021.102349108:COnline publication date: 1-Sep-2021
https://dl.acm.org/doi/10.1016/j.cose.2021.102349
de Amorim AFredrikson MJia LHermanns HZhang LKobayashi NMiller D(2020)Reconciling noninterference and gradual typingProceedings of the 35th Annual ACM/IEEE Symposium on Logic in Computer Science10.1145/3373718.3394778(116-129)Online publication date: 8-Jul-2020
https://dl.acm.org/doi/10.1145/3373718.3394778
Wang FKo RMickens JLorch JYu M(2019)RiverbedProceedings of the 16th USENIX Conference on Networked Systems Design and Implementation10.5555/3323234.3323285(615-629)Online publication date: 26-Feb-2019
https://dl.acm.org/doi/10.5555/3323234.3323285
Fu XCai HDumas MPfahl DApel SRusso A(2019)A dynamic taint analyzer for distributed systemsProceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3338906.3341179(1115-1119)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.1145/3338906.3341179
Pfeffer TGlesner SSion RPapamanthou C(2019)Timing-Sensitive Synchronization for Efficient Secure Multi-ExecutionProceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop10.1145/3338466.3358914(153-164)Online publication date: 11-Nov-2019
https://dl.acm.org/doi/10.1145/3338466.3358914
Herda MTyszberowicz SMüssig JBeckert BHung CPapadopoulos G(2019)Verification-based test case generation for information-flow propertiesProceedings of the 34th ACM/SIGAPP Symposium on Applied Computing10.1145/3297280.3297500(2231-2238)Online publication date: 8-Apr-2019
https://dl.acm.org/doi/10.1145/3297280.3297500
Show More Cited By

Abstract

Cited By

Recommendations

Semi-sparse flow-sensitive pointer analysis

Semi-sparse flow-sensitive pointer analysis

Static flow-sensitive & context-sensitive information-flow analysis for software product lines: position paper

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations