Konferenzartikel: On Improvements Of Low-Deterministic Security

[irlsod16]Joachim Breitner, Jürgen Graf, Martin Hecker, Martin Mohr, Gregor Snelting, On Improvements Of Low-Deterministic Security, Piessens, Frank and Vigan{\`o}, Luca (Ed.), Principles of Security and Trust - 5th International Conference, POST 2016, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2016, Eindhoven, The Netherlands, April 2-8, 2016, Proceedings, pp. 68--88, Springer Berlin Heidelberg, 2016.


Low-security observable determinism (LSOD), as introduced by Roscoe and Zdancewic, is the simplest criterion which guar- antees probabilistic noninterference for concurrent programs. But LSOD prohibits any, even secure low-nondeterminism. Giffhorn developed an improvement, named RLSOD, which allows some secure low-nondeterminism, and can handle full Java with high precision. In this paper, we describe a new generalization of RLSOD. By applying aggressive program analysis, in particular dominators for multi-threaded programs, precision can be boosted and false alarms minimized. We explain details of the new algorithm, and provide a soundness proof. The improved RLSOD is integrated into the JOANA tool; a case study is described. We thus demonstrate that low-deterministic security is a highly precise and practically mature software security analysis method.


  [PDF]   [DOI]

Original article available at springerlink.com.


Institutsinterne Autoren

Prof. Gregor Snelting
Ehemalige Mitarbeiter
Dr. rer. nat. Joachim Breitner
Dr.-Ing. Jürgen Graf
Dr.-Ing. Martin Hecker
Dr.-Ing. Martin Mohr


IFC for Mobile Components