2012
DOI: 10.1007/978-3-642-33167-1_4

Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing

Abstract: Tracking information flow in dynamic languages remains an open challenge. It might seem natural to address the challenge by runtime monitoring. However, there are well-known fundamental limits of dynamic flow-sensitive tracking of information flow, where paths not taken in a given execution contribute to information leaks. This paper shows how to overcome the permissiveness limit for dynamic analysis by a novel use of testing. We start with a program supervised by an information-flow monitor. The secu…

Cited by 21 publications (30 citation statements)
References 31 publications
“…This is in contrast to previous relational logics [Benton 2004; Yang 2007], which support reasoning only about programs with similar control flow, and provide inference rules for conditionals and loops with only low Boolean guards. The latter is known to be limiting in practice and prior work proposes workarounds through dynamic checks [Austin and Flanagan 2010] and testing [Birgisson et al 2012], but not statically.…”
Section: Introduction (mentioning)
confidence: 99%
“…In order to overcome high time overheads of software solutions for DIFT (at least 300% [8]-[10]), hardware mechanisms were implemented. We can distinguish four main approaches: 1) Filtering hardware accelerator ([11], [12]).…”
Section: Related Work (mentioning)
confidence: 99%
“…Although they can be used as part of the programming language, in order to support legacy code it is more fruitful to view it as a way to incorporate the results of an automatic analysis. We have successfully experimented with the use of automatic black-box testing to inject the upgrade instructions [7]. The idea is to run a modified version of the type system on automatically generated test cases, and, whenever the type system stops the execution, the trace of the execution is inspected to find the place in the program where an upgrade instruction must be inserted.…”
Section: Permissiveness (mentioning)
confidence: 99%