Title
Static Information Flow Analysis with Handling of Implicit Flows and a Study on Effects of Implicit Flows vs Explicit Flows
Abstract
Reasoning about information flow can help software engineering. Static information flow inference analysis is a technique which automatically infers information flows based on data or control dependence. It can be utilized for the purposes of general program understanding, detection of security attacks and security vulnerabilities, and type inference for security type systems. This paper proposes a new static information flow inference analysis, which unlike most other information flow analyses, handles both explicit and implicit information flows. The analysis does not require annotations and it is relatively precise and practical. We illustrate the usage of the static information flow analysis on three applications. The first application of information flow analysis is security violation detection. We perform experiments on a set of Java web applications and the experiments show that our analysis effectively detects security violations. The second application is type inference. Our experiments on the Java web applications successfully infer security types. The last application studies the effect of thread-shared variables on thread-local variables. Our experiments on a set of multi-thread programs show that most of the thread-local variables are affected by the thread-shared variables. We study the impact of implicit flow versus explicit flow in these applications. Implicit flow has significant impact on all these applications. In security violation detection, implicit flow detects more security violations than explicit flow. In type inference, implicit flow infers more untrusted type variables. In the study of the effect of thread-shared variables, implicit flow detects more affected variables than explicit flow.
Year: 2010
DOI: 10.1109/CSMR.2010.26
Venue: CSMR
Keywords: implicit flow detects, information flow analysis, new static information flow, static information flow analysis, information flow, thread-shared variable, implicit flow infers, implicit flow, implicit flows vs explicit, type inference, explicit flow, implicit flows, implicit information flow, web pages, data flow analysis, type system, java, software engineering, instruction sets, type theory, generic programming, security, multi threading, internet, security vulnerability
Field: Information flow (information theory), Data mining, Vulnerability (computing), Inference, Computer science, Type theory, Data-flow analysis, Theoretical computer science, Type inference, Web application, Java
DocType: Conference
ISSN: 1944-2793
Citations: 7
PageRank: 0.52
References: 28
Authors: 2
Name
Order
Citations
PageRank
Yin Liu11749.07
Ana Milanova266337.98