Precise Scalable Static Analysis for Application-Specific Security Guarantees

DSpace/Manakin Repository

Precise Scalable Static Analysis for Application-Specific Security Guarantees

Citable link to this page


Title: Precise Scalable Static Analysis for Application-Specific Security Guarantees
Author: Johnson, Andrew Arthur
Citation: Johnson, Andrew Arthur. 2015. Precise Scalable Static Analysis for Application-Specific Security Guarantees. Doctoral dissertation, Harvard University, Graduate School of Arts & Sciences.
Full Text & Related Files:
Abstract: This dissertation presents Pidgin, a static program analysis and understanding tool that enables the specification and enforcement of precise application-specific information security guarantees. Pidgin also allows developers to interactively explore the information flows in their applications to develop policies and investigate counter-examples.

Pidgin combines program dependence graphs (PDGs), which precisely capture the in- formation flows in a whole application, with a custom PDG query language. Queries express properties about the paths in the PDG; because paths in the PDG correspond to information flows in the application, queries can be used to specify global security policies.

The effectiveness of Pidgin depends on the precision of the static analyses used to produce program dependence graphs. In particular it depends on the precision of a points-to analysis. Points-to analysis is a foundational static analysis that estimates the memory locations pointer expressions can refer to at runtime. Points-to information is used by clients ranging from compiler optimizations to security tools like Pidgin. The precision of these client analyses relies on the precision of the points-to analysis. In this dissertation we investigate points-to analysis performance/precision trade-offs, including a novel points-to analysis for object-oriented languages designed to help establish object invariants.

This dissertation describes the design and implementation of Pidgin and the points-to analyses that allow Pidgin and other static analyses to scale to large applications. We report on using Pidgin: (1) to explore information security guarantees in legacy programs; (2) to develop and modify security policies concurrently with application development; and (3) to develop policies based on known vulnerabilities.
Terms of Use: This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at
Citable link to this page:
Downloads of this work:

Show full Dublin Core record

This item appears in the following Collection(s)


Search DASH

Advanced Search