Static Analysis for Efficient Hybrid Information-Flow Control

DSpace/Manakin Repository

Static Analysis for Efficient Hybrid Information-Flow Control

Citable link to this page


Title: Static Analysis for Efficient Hybrid Information-Flow Control
Author: Chong, Stephen N; Moore, Scott David

Note: Order does not necessarily reflect citation order of authors.

Citation: Moore, Scott and Stephen Chong. Static analysis for efficient hybrid information-flow control. Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF): June 27-29, 2011, Cernay-la-Ville, France.
Full Text & Related Files:
Abstract: Hybrid information-flow monitors use a combination of static analysis and dynamic mechanisms to provide precise strong information security guarantees. However, unlike purely static mechanisms for information security, hybrid information-flow monitors incur run-time overhead. We show how static analyses can be used to make hybrid information- flow monitors more efficient, in two ways. First, a simple static analysis can determine when it is sound for a monitor to stop tracking the security level of certain variables. This potentially reduces run-time overhead of the monitor, particularly in applications where sensitive (i.e., confidential or untrusted) data is infrequently introduced to the system. Second, we derive sufficient conditions for soundly incorporating a wide range of memory abstractions into information- flow monitors. This allows the selection of a memory abstraction that gives an appropriate tradeoff between efficiency and precision. It also facilitates the development of innovative and sound memory abstractions that use run-time security information maintained by the monitor. We present and prove our results by extending the information-flow monitor of Russo and Sabelfeld (2010). These results bring us closer to efficient, sound, and precise enforcement of information security.
Published Version:
Other Sources:
Terms of Use: This article is made available under the terms and conditions applicable to Open Access Policy Articles, as set forth at
Citable link to this page:
Downloads of this work:

Show full Dublin Core record

This item appears in the following Collection(s)


Search DASH

Advanced Search