Title :
Detecting and debugging insecure information flows
Author :
Masri, Wes ; Podgurski, Andy ; Leon, David
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Case Western Reserve Univ., Cleveland, OH, USA
Abstract :
A new approach to dynamic information flow analysis is presented that can be used to detect and debug insecure flows in programs. It can be applied offline to validate and debug a program against an information flow policy, or, when fast response is not critical, it can be applied online to prevent illegal flows in deployed programs. Since dynamic analysis alone is inherently unable to detect implicit information flows, our approach incorporates a static preprocessing phase that permits detection of most implicit flows at runtime, in addition to explicit ones. To support interactive debugging of insecure flows, it also incorporates a new forward computing algorithm for dynamic slicing, which is more precise than previous forward computing algorithms and is not restricted to programs with structured control flow. A prototype tool implementing the proposed approach has been developed for Java byte code programs. Case studies in which this tool was applied to several subject programs are described.
Keywords :
Java; data flow analysis; program debugging; program slicing; program testing; Java byte code programs; insecure information flows; program debugging; program dynamic analysis; program slicing; Application software; Computer science; Data security; Debugging; Heuristic algorithms; Information analysis; Java; Phase detection; Prototypes; Runtime;
Conference_Titel :
Software Reliability Engineering, 2004. ISSRE 2004. 15th International Symposium on
Print_ISBN :
0-7695-2215-7
DOI :
10.1109/ISSRE.2004.17
