2012 IEEE 25th Computer Security Foundations Symposium 2012
DOI: 10.1109/csf.2012.24
|View full text |Cite
|
Sign up to set email alerts
|

ENCoVer: Symbolic Exploration for Information Flow Security

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
29
0

Year Published

2013
2013
2023
2023

Publication Types

Select...
6
1

Relationship

0
7

Authors

Journals

citations
Cited by 28 publications
(29 citation statements)
references
References 29 publications
0
29
0
Order By: Relevance
“…Despite their efficiency, these methods lack the precision needed to handle programs where public and sensitive information are securely interwoven. Few works [6,7,8], at least in the setting of software security, attempt to deduce what is learned by observing the public effects of the computation, and then verify that the acquired knowledge does not break a given information flow policy toward sensitive data.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…Despite their efficiency, these methods lack the precision needed to handle programs where public and sensitive information are securely interwoven. Few works [6,7,8], at least in the setting of software security, attempt to deduce what is learned by observing the public effects of the computation, and then verify that the acquired knowledge does not break a given information flow policy toward sensitive data.…”
Section: Introductionmentioning
confidence: 99%
“…Recent advances software model checking and automated theorem proving show that verification of temporal epistemic properties for distributed systems is feasible [12]. Our tool, ENCoVer [13], an extension of Java Pathfinder, can verify information flow policies for interactive sequential programs. However, scalability and complexity of verification are issues that we postpone to future work.…”
Section: Introductionmentioning
confidence: 99%
“…Implicit information -as caused by guarded commands -not only depends on the actually performed execution path but also on the possibly followed (alternative) paths -which could be selected for different values of the pertinent guards. Accordingly, the FlowTracker will base the dynamic generation of the tentative addition on code annotations that stem from symbolic program executions performed at compile time, as inspired by [2].…”
Section: Need Of Local Flow Trackingmentioning
confidence: 99%
“…More recently, Torlak and Bodík (2014) have used our information-flow stack machine and its bugs with respect to EENI as a case study for their symbolic virtual machine, and report better results. Balliu et al (2012) created ENCOVER, an extension of Java PathFinder, to verify informationflow properties of Java programs by means of concolic testing. In their work, concolic testing is used to extract an abstract model of a program so that security properties can be verified by an SMT solver.…”
Section: Related Workmentioning
confidence: 99%