Data Flow Analysis of Secure Information-Flow in Core Imperative Programs

Data Flow Analysis of Information-Flow Security for the Core of Imperative Programs

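  • 신승철 (Dongyang University, School of Computer Engineering)
  • 변석우 (Kyungsung University, Computer Science)
  • 정주희 (Kyungpook National University, Mathematics Education)
  • 도경구 (Hanyang University, School of Electrical and Computer Engineering)
  • Published: 2004.05.01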

Abstract

This paper uses the standard technique of data flow analysis to solve the problem of secure information-flow in core imperative programs. The existing methods tend to be overly conservative, giving “insecure” answers to many “secure” programs. The method described in this paper is designed to be more precise than previous syntactic approaches. The soundness of the analysis is proved.

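This paper presents a method that uses data flow analysis to predict the security of information flow in the core of imperative programs. Analysis techniques proposed so far often lack precision, in that they conservatively judge programs whose information flow is secure to be insecure. This paper proposes a new analysis whose results are more precise than those of earlier syntax-directed approaches, and proves the soundness of that analysis.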
