Referenced Items are not available for this document.
Programs should keep sensitive information, such as medical records, confidential. We present a static analysis that extracts from a program's source code a sound approximation of the most restrictive conditional confidentiality policy that the program obeys. To formalize conditional confidentiality policies, we present a modified definition of noninterference that accommodates runtime information. We implement our analysis and experiment with the resulting tool on C programs. While we focus on using our analysis for policy extraction, the process can more generally be used for information flow analysis. Unlike traditional information flow analysis that simply states what flows are possible in a program, our tool also states what conditions must be satisfied by an execution for each flow to be enabled. Furthermore, our analysis is the first to handle interactive I/O while being compositional and flow sensitive.
Published in:
Software Engineering and Formal Methods, 2008. SEFM '08. Sixth IEEE International Conference on
Date of Conference: 10-14 Nov. 2008
- Page(s):
- 107 - 116
- Print ISBN:
- 978-0-7695-3437-4
- INSPEC Accession Number:
- 10397354
- Conference Location :
- Cape Town
- Digital Object Identifier :
- 10.1109/SEFM.2008.46
- Product Type:
- Conference Publications
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
