Conference Papers: On Improvements Of Low-Deterministic Security

[irlsod16]Joachim Breitner, Jürgen Graf, Martin Hecker, Martin Mohr, Gregor Snelting, On Improvements Of Low-Deterministic Security, Piessens, Frank and Vigan{\`o}, Luca (Ed.), Principles of Security and Trust - 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2-8, 2016, Proceedings, pp. 68--88, Springer Berlin Heidelberg, 2016.


Low-security observable determinism (LSOD), as introduced by Roscoe and Zdancewic, is the simplest criterion which guar- antees probabilistic noninterference for concurrent programs. But LSOD prohibits any, even secure low-nondeterminism. Giffhorn developed an improvement, named RLSOD, which allows some secure low-nondeterminism, and can handle full Java with high precision. In this paper, we describe a new generalization of RLSOD. By applying aggressive program analysis, in particular dominators for multi-threaded programs, precision can be boosted and false alarms minimized. We explain details of the new algorithm, and provide a soundness proof. The improved RLSOD is integrated into the JOANA tool; a case study is described. We thus demonstrate that low-deterministic security is a highly precise and practically mature software security analysis method.


  [PDF]   [DOI]

Original article available at springerlink.com.


Authors at the institute

Department Head
Prof. Gregor Snelting
Scientific Staff
Jürgen Graf
Martin Hecker
Martin Mohr
Former Staff Member
Dr. rer. nat. Joachim Breitner


IFC for Mobile Components