Static Analysis for Efficient Hybrid Information-Flow Control
MetadataShow full item record
CitationMoore, Scott and Stephen Chong. Static analysis for efficient hybrid information-flow control. Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF): June 27-29, 2011, Cernay-la-Ville, France.
AbstractHybrid information-flow monitors use a combination of static analysis and dynamic mechanisms to provide precise strong information security guarantees. However, unlike purely static mechanisms for information security, hybrid information-flow monitors incur run-time overhead. We show how static analyses can be used to make hybrid information- flow monitors more efficient, in two ways. First, a simple static analysis can determine when it is sound for a monitor to stop tracking the security level of certain variables. This potentially reduces run-time overhead of the monitor, particularly in applications where sensitive (i.e., confidential or untrusted) data is infrequently introduced to the system. Second, we derive sufficient conditions for soundly incorporating a wide range of memory abstractions into information- flow monitors. This allows the selection of a memory abstraction that gives an appropriate tradeoff between efficiency and precision. It also facilitates the development of innovative and sound memory abstractions that use run-time security information maintained by the monitor. We present and prove our results by extending the information-flow monitor of Russo and Sabelfeld (2010). These results bring us closer to efficient, sound, and precise enforcement of information security.
Citable link to this pagehttp://nrs.harvard.edu/urn-3:HUL.InstRepos:8207504
- FAS Scholarly Articles