MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis

Jens Van der Plas; Jens Nicolay; Wolfgang De Meuter; Coen De Roover

doi:10.5220/0011849900003464

MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis

Jens Van der Plas, Jens Nicolay, Wolfgang De Meuter, Coen De Roover

2023

Abstract

Information Flow Control is important for securing applications, primarily to preserve the confidentiality and integrity of applications and the data they process. Statically determining the flows of information for security purposes helps to secure applications early in the development pipeline. However, a sound and precise static analysis is difficult to scale. Modular static analysis is a technique for improving the scalability of static analysis. In this paper, we present an approach for constructing a modular static analysis for performing Information Flow Control for higher-order, imperative programs. A modular analysis requires information about data dependencies between modules. These dependencies arise as a result of information flows between modules, and therefore we piggy-back an Information Flow Control analysis on top of an existing modular analysis. Additionally, the resulting modular Information Flow Control analysis retains the benefits of its modular character. We validate our approach by performing an Information Flow Control analysis on 9 synthetic benchmark programs that contain both explicit and implicit information flows.

Download

Paper Citation

in Harvard Style

Van der Plas J., Nicolay J., De Meuter W. and De Roover C. (2023). MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis. In Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-758-647-7, SciTePress, pages 420-427. DOI: 10.5220/0011849900003464

in Bibtex Style

@conference{enase23,
author={Jens Van der Plas and Jens Nicolay and Wolfgang De Meuter and Coen De Roover},
title={MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis},
booktitle={Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2023},
pages={420-427},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011849900003464},
isbn={978-989-758-647-7},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - MODINF: Exploiting Reified Computational Dependencies for Information Flow Analysis
SN - 978-989-758-647-7
AU - Van der Plas J.
AU - Nicolay J.
AU - De Meuter W.
AU - De Roover C.
PY - 2023
SP - 420
EP - 427
DO - 10.5220/0011849900003464
PB - SciTePress