Abstract
Type-based and PDG-based information flow analysis techniques are currently developed independently in a competing manner, with different strengths regarding coverage of language features and security policies. In this article, we study the relationship between these two approaches. One key insight is that a type-based information flow analysis need not be less precise than a PDG-based analysis. For proving this result we establish a formal connection between the two approaches which can also be used to transfer concepts from one tradition of information flow analysis to the other. The adoption of rely-guarantee-style reasoning from security type systems, for instance, enabled us to develop a PDG-based information flow analysis for multi-threaded programs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Amtoft, T., Banerjee, A.: Information Flow Analysis in Logical Form. In: Giacobazzi, R. (ed.) SAS 2004. LNCS, vol. 3148, pp. 100–115. Springer, Heidelberg (2004)
Boudol, G., Castellani, I.: Noninterference for Concurrent Programs and Thread Systems. Theoretical Computer Science 281(1-2), 109–130 (2002)
Cheng, J.: Slicing Concurrent Programs - A Graph-Theoretical Approach. In: Fritszon, P.A. (ed.) AADEBUG 1993. LNCS, vol. 749, pp. 223–240. Springer, Heidelberg (1993)
Ferrante, J., Ottenstein, K.J., Warren, J.D.: The Program Dependence Graph and its Use in Optimization. ACM Transactions on Programming Languages and Systems 9(3), 319–349 (1987)
Giffhorn, D., Snelting, G.: Probabilistic Noninterference Based on Program Dependence Graphs. Tech. Rep. 6, Karlsruher Institut für Technologie (KIT) (2012)
Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)
Hammer, C.: Information Flow Control for Java. Ph.D. thesis, Universität Karlsruhe (TH) (2009)
Hammer, C., Snelting, G.: Flow-sensitive, Context-sensitive, and Object-sensitive Information Flow Control based on Program Dependence Graphs. International Journal of Information Security 8(6), 399–422 (2009)
Horwitz, S., Reps, T.W., Binkley, D.: Interprocedural Slicing Using Dependence Graphs. ACM Transactions on Programming Languages and Systems 12(1), 26–60 (1990)
Hsieh, C.S., Unger, E.A., Mata-Toledo, R.A.: Using Program Dependence Graphs for Information Flow Control. Journal of Systems and Software 17(3), 227–232 (1992)
Hunt, S., Sands, D.: On Flow-Sensitive Security Types. In: ACM Symposium on Principles of Programming Languages, pp. 79–90 (2006)
Krinke, J.: Advanced Slicing of Sequential and Concurrent Programs. Ph.D. thesis, Universität Passau (2003)
Mantel, H.: Information Flow and Noninterference. In: Encyclopedia of Cryptography and Security, 2nd edn., pp. 605–607. Springer (2011)
Mantel, H., Sands, D.: Controlled Declassification based on Intransitive Noninterference. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 129–145. Springer, Heidelberg (2004)
Mantel, H., Sands, D., Sudbrock, H.: Assumptions and Guarantees for Compositional Noninterference. In: IEEE Computer Security Foundations Symposium, pp. 218–232 (2011)
Myers, A.C.: JFlow: Practical Mostly-Static Information Flow Control. In: ACM Symposium on Principles of Programming Languages, pp. 228–241 (1999)
Naik, M., Palsberg, J.: A Type System Equivalent to a Model Checker. ACM Transactions on Programming Languages and Systems 30(5), 1–24 (2008)
Palsberg, J., O’Keefe, P.: A Type System Equivalent to Flow Analysis. In: ACM Symposium on Principles of Programming Languages, pp. 367–378 (1995)
Rehof, J., Fähndrich, M.: Type-Based Flow Analysis: From Polymorphic Subtyping to CFL-Reachability. In: ACM Symposium on Principles of Programming Languages, pp. 54–66 (2001)
Roscoe, A.W., Woodcock, J.C.P., Wulf, L.: Non-interference through Determinism. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 33–53. Springer, Heidelberg (1994)
Sabelfeld, A., Myers, A.C.: Language-based Information-Flow Security. IEEE Journal on Selected Areas in Communication 21(1), 5–19 (2003)
Sabelfeld, A., Sands, D.: Probabilistic Noninterference for Multi-threaded Programs. In: IEEE Computer Security Foundations Workshop, pp. 200–215 (2000)
Smith, G., Volpano, D.: Secure Information Flow in a Multi-threaded Imperative Language. In: ACM Symposium on Principles of Programming Languages, pp. 355–364 (1998)
Volpano, D., Smith, G., Irvine, C.: A Sound Type System for Secure Flow Analysis. Journal of Computer Security 4(3), 1–21 (1996)
Volpano, D., Smith, G.: A Type-Based Approach to Program Security. In: Bidoit, M., Dauchet, M. (eds.) TAPSOFT 1997. LNCS, vol. 1214, pp. 607–621. Springer, Heidelberg (1997)
Wasserrab, D., Lochbihler, A.: Formalizing a Framework for Dynamic Slicing of Program Dependence Graphs in Isabelle/HOL. In: Mohamed, O.A., Muñoz, C., Tahar, S. (eds.) TPHOLs 2008. LNCS, vol. 5170, pp. 294–309. Springer, Heidelberg (2008)
Wasserrab, D., Lohner, D., Snelting, G.: On PDG-based Noninterference and its Modular Proof. In: ACM Workshop on Programming Languages and Analysis for Security, pp. 31–44 (2009)
Zdancewic, S., Myers, A.C.: Observational Determinism for Concurrent Program Security. In: IEEE Computer Security Foundations Workshop, pp. 29–43 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mantel, H., Sudbrock, H. (2013). Types vs. PDGs in Information Flow Analysis. In: Albert, E. (eds) Logic-Based Program Synthesis and Transformation. LOPSTR 2012. Lecture Notes in Computer Science, vol 7844. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38197-3_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-38197-3_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38196-6
Online ISBN: 978-3-642-38197-3
eBook Packages: Computer ScienceComputer Science (R0)