Efficient path conditions in dependence graphs

Robschink, Torsten; Snelting, Gregor

doi:10.1145/581339.581398

Cited by 20 publications

(12 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The average slice size is 86,023 nodes, which is about 64% of the whole source code. This is more than what is typical for backward slices, due to the higher coupling of JavaCard in contrast to normal Java, and illustrates why precise witnesses can only be achieved via path conditions as described in [21,22,47].…”

Section: Implementation and Preliminary Experiencementioning

confidence: 93%

“…But more elaborate algorithms were needed to make the approach work and scale for full C and realistic programs [47,55]. The latter article contains a theorem connecting dependence graphs to the classical noninterference criterion (see also Sect.…”

Section: Pdgs and Overviewmentioning

confidence: 99%

“…In addition, we proposed an even stronger mechanism on top of PDGs, called path conditions [22,47,54,55]. Path conditions are necessary and precise conditions for flow x → * y, and reveal detailed circumstances of a flow in terms of conditions on program variables.…”

Section: Beyond Pdgsmentioning

confidence: 99%

See 2 more Smart Citations

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Hammer

Snelting

2009

Int. J. Inf. Secur.

Self Cite

172

141

View full text Add to dashboard Cite

Information flow control (IFC) checks whether a program can leak secret data to public ports, or whether critical computations can be influenced from outside. But many IFC analyses are imprecise, as they are flow-insensitive, context-insensitive, or object-insensitive; resulting in false alarms. We argue that IFC must better exploit modern program analysis technology, and present an approach based on program dependence graphs (PDG). PDGs have been developed over the last 20 years as a standard device to represent information flow in a program, and today can handle realistic programs. In particular, our dependence graph generator for full Java bytecode is used as the basis for an IFC implementation which is more precise and needs less annotations than traditional approaches. We explain PDGs for sequential and multi-threaded programs, and explain precision gains due to flow-, context-, and object-sensitivity. We then augment PDGs with a lattice of security levels and introduce the flow equations for IFC. We describe algorithms for flow computation in detail and prove their correctness. We then extend flow equations to handle declassification, and prove that our algorithm respects monotonicity of release. Finally, examples demonstrate that our implementation can check realistic sequential programs in full Java bytecode.

show abstract

Section: Implementation and Preliminary Experiencementioning

confidence: 93%

Section: Pdgs and Overviewmentioning

confidence: 99%

See 1 more Smart Citation

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Hammer

Snelting

2009

Int. J. Inf. Secur.

Self Cite

172

141

View full text Add to dashboard Cite

show abstract

“…Thus, nodes before and after the cycle are not related. For more details on how to construct boolean path conditions, see (Snelting 1996;Robschink and Snelting 2002;Snelting et al 2006).…”

Section: Boolean Path Conditionsmentioning

confidence: 99%

“…Making path conditions work for full C and realistic programs required years of theoretical and practical work (Robschink and Snelting 2002;Robschink 2005;Snelting et al 2006). Today, path conditions have proven useful in realistic case studies.…”

Section: Introductionmentioning

confidence: 99%

On temporal path conditions in dependence graphs

Lochbihler

Snelting

2009

Autom Softw Eng

Self Cite

View full text Add to dashboard Cite

Program dependence graphs are a well-established device to represent possible information flow in a program. Path conditions in dependence graphs have been proposed to express more detailed circumstances of a particular flow; they provide precise necessary conditions for information flow along a path or chop in a dependence graph. Ordinary boolean path conditions, however, cannot express temporal properties, e.g. that for a specific flow it is necessary that some condition holds, and later another specific condition holds.In this contribution, we introduce temporal path conditions, which extend ordinary path conditions by temporal operators in order to express temporal dependencies between conditions for a flow. We present motivating examples, generation and simplification rules, application of model checking to generate witnesses for a specific flow, and a case study. We prove the following soundness property: if a temporal path condition for a path is satisfiable, then the ordinary boolean path condition for the path is satisfiable. The converse does not hold, indicating that temporal path conditions are more precise.

show abstract

Slicing, Chopping, and Path Conditions with Barriers

Krinke

2004

Software Quality Journal

View full text Add to dashboard Cite

Efficient path conditions in dependence graphs

Cited by 20 publications

References 15 publications

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

Flow-sensitive, context-sensitive, and object-sensitive information flow control based on program dependence graphs

On temporal path conditions in dependence graphs

Slicing, Chopping, and Path Conditions with Barriers

Contact Info

Product

Resources

About