Title :
Analysis and implementation method of program to detect inappropriate information leak
Author :
Yokomori, Reishi ; Ohata, Fumiaki ; Takata, Yoshiaki ; Seki, Hiroyuki ; Inoue, Katsuro
Author_Institution :
Graduate Sch. of Eng. Sci., Osaka Univ., Japan
Abstract :
For a program which handles secret information, it is very important to prevent inappropriate information leaks from a program with secret data. D.E. Denning (1976) proposed a mechanism to certify the security of program by statically analyzing information flow, and S. Kuninobu et al. (2000) proposed a more practical analysis framework including recursive procedure handling, although no implementation has been yet made. We propose a method of security analysis implementation, and show a security analysis tool implemented for a procedural language. We extend Kuninobu´s algorithm by devising various techniques for analysis of practical programs that have recursive calls and global variables. This method is validated by applying our tools to a simple credit card program, and we confirm that the validation of program security is very useful
Keywords :
certification; program diagnostics; program verification; security of data; credit card program; global variables; inappropriate information leak detection; information flow; procedural language; program security certification; recursive calls; recursive procedure handling; secret data; secret information; security analysis implementation; security analysis tool; static analysis; Access control; Algorithm design and analysis; Credit cards; Data engineering; Data security; Information analysis; Information science; Information security; Leak detection; Permission;
Conference_Titel :
Quality Software, 2001. Proceedings.Second Asia-Pacific Conference on
Conference_Location :
Hong Kong
Print_ISBN :
0-7695-1287-9
DOI :
10.1109/APAQS.2001.989996
