[taghdiri10fast] | Mana Taghdiri, Gregor Snelting, Carsten Sinz, Information Flow Analysis via Path Condition Refinement, International Workshop on Formal Aspects of Security and Trust, September 2010.
|
Abstract
We present a new approach to information flow control(IFC), which
exploits counterexample-guided abstraction refinement (CEGAR) technology.
The CEGAR process is built on top of our existing IFC analysis in
which illegal flows are characterized using program dependence graphs
(PDG) and path conditions (as described in [13]). Although path conditions
provide an already precise abstraction that can be used to generate
witnesses to the illegal flow, they may still cause false alarms.
Our CEGAR process recognizes false witnesses by executing them and
monitoring their executions, and eliminates them by automatically
refining path conditions in an iterative way as needed. The paper
sketches the foundations of CEGAR and PDG-based IFC, and describes
the approach in detail. An example shows how the approach finds illegal
flow, and demonstrates how CEGAR eliminates false alarms.
Download
BibTeX
Authors at the institute
Projects