Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Bichhawat, Abhisheka; **; * | Rajani, Vineetb; *** | Garg, Deepakc | Hammer, Christiand
Affiliations: [a] IIT Gandhinagar, India. E-mail: abhishek.b@iitgn.ac.in | [b] Max Planck Institute for Security and Privacy, Germany. E-mail: vineet.rajani@csp.mpg.de | [c] Max Planck Institute for Software Systems, Saarland Informatics Campus, Germany. E-mail: dg@mpi-sws.org | [d] University of Potsdam, Germany. E-mail: hammer@cs.uni-potsdam.de
Correspondence: [*] Corresponding author. E-mail: abhishek.b@iitgn.ac.in.
Note: [**] Work done while the author was a PhD student at Saarland University.
Note: [***] Work done while the author was a PhD student at the Max Planck Institute for Software Systems.
Abstract: Information flow control (IFC) has been extensively studied as an approach to mitigate information leaks in applications. A vast majority of existing work in this area is based on static analysis. However, some applications, especially on the Web, are developed using dynamic languages like JavaScript where static analyses for IFC do not scale well. As a result, there has been a growing interest in recent years to develop dynamic or runtime information flow analysis techniques. In spite of the advances in the field, runtime information flow analysis has not been at the helm of information flow security, one of the reasons being that the analysis techniques and the security property related to them (non-interference) over-approximate information flows (particularly implicit flows), generating many false positives. In this paper, we present a sound and precise approach for handling implicit leaks at runtime. In particular, we present an improvement and enhancement of the so-called permissive-upgrade strategy, which is widely used to tackle implicit leaks in dynamic information flow control. We improve the strategy’s permissiveness and generalize it. Building on top of it, we present an approach to handle implicit leaks when dealing with complex features like unstructured control flow and exceptions in higher-order languages. We explain how we address the challenge of handling unstructured control flow using immediate post-dominator analysis. We prove that our approach is sound and precise.
Keywords: Runtime information flow control, permissive-upgrade, control-flow graphs, immediate post-dominator analysis, exceptions
DOI: 10.3233/JCS-211385
Journal: Journal of Computer Security, vol. 29, no. 4, pp. 361-401, 2021
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl