Authors:
Jens Van der Plas; Jens Nicolay; Wolfgang De Meuter and Coen De Roover
Affiliation:
Software Languages Lab, Vrije Universiteit Brussel, Pleinlaan 2, Brussels, Belgium
Keyword(s):
Information Flow Control, Data Flow Analysis, Taint Analysis, Static Analysis, Modular Analysis.
Abstract:
Information Flow Control is important for securing applications, primarily to preserve the confidentiality and integrity of applications and the data they process. Statically determining the flows of information for security purposes helps to secure applications early in the development pipeline. However, a sound and precise static analysis is difficult to scale. Modular static analysis is a technique for improving the scalability of static analysis. In this paper, we present an approach for constructing a modular static analysis for performing Information Flow Control for higher-order, imperative programs. A modular analysis requires information about data dependencies between modules. These dependencies arise as a result of information flows between modules, and therefore we piggy-back an Information Flow Control analysis on top of an existing modular analysis. Additionally, the resulting modular Information Flow Control analysis retains the benefits of its modular character. We validate our approach by performing an Information Flow Control analysis on 9 synthetic benchmark programs that contain both explicit and implicit information flows.