By Topic

Static Information Flow Analysis with Handling of Implicit Flows and a Study on Effects of Implicit Flows vs Explicit Flows

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Yin Liu ; Dept. of Comput. Sci., Rensselaer Polytech. Inst., Troy, NY, USA ; Milanova, A.

Reasoning about information flow can help software engineering. Static information flow inference analysis is a technique which automatically infers information flows based on data or control dependence. It can be utilized for the purposes of general program understanding, detection of security attacks and security vulnerabilities, and type inference for security type systems. This paper proposes a new static information flow inference analysis, which unlike most other information flow analyses, handles both explicit and implicit information flows. The analysis does not require annotations and it is relatively precise and practical. We illustrate the usage of the static information flow analysis on three applications. The first application of information flow analysis is security violation detection. We perform experiments on a set of Java web applications and the experiments show that our analysis effectively detects security violations. The second application is type inference. Our experiments on the Java web applications successfully infer security types. The last application studies the effect of thread-shared variables on thread-local variables. Our experiments on a set of multi-thread programs show that most of the thread-local variables are affected by the thread-shared variables. We study the impact of implicit flow versus explicit flow in these applications. Implicit flow has significant impact on all these applications. In security violation detection, implicit flow detects more security violations than explicit flow. In type inference, implicit flow infers more untrusted type variables. In the study of the effect of thread-shared variables, implicit flow detects more affected variables than explicit flow.

Published in:

Software Maintenance and Reengineering (CSMR), 2010 14th European Conference on

Date of Conference:

15-18 March 2010