Information Flow Control (IFC) examines whether an attacker can gain knowledge on the secret inputs of a program by just examining the public output. Sometimes leaking a small amount of information to the attacker in inevitable, e.g. a password checker will leak whether the password is equal to a given input or not. The amount of leakage is evaluated in quantitative IFC using a measure of entropy.

Static analyses are to overapproximative for concrete program executions. Dynamic analyses have problems with correctness.

Task:

The aim of this thesis is to develop and interpreter as a combination of a dynamic and a static analysis. This should allow to execute untrusted programs in an environment where leakage are possible. It should be based on bit dependency graphs that can be used in static and dynamic analyses.

Keywords

Static Analysis, Information Flow Control 

Publications

Publication

Bounding Information Leakage by Combining an Interpreter with Model Counting

Advisors

Former Staff Member
M.Sc. Johannes Bechberger

Students

Students
Tina Maria Strößner