2008
DOI: 10.1007/978-3-540-89862-7_4

Implicit Flows: Can’t Live with ’Em, Can’t Live without ’Em

Abstract: Verifying that programs trusted to enforce security actually do so is a practical concern for programmers and administrators. However, there is a disconnect between the kinds of tools that have been successfully applied to real software systems (such as taint mode in Perl and Ruby), and information-flow compilers that enforce a variant of the stronger security property of noninterference. Tools that have been successfully used to find security violations have focused on explicit flows of information,…

citations
Cited by 71 publications
(50 citation statements)
references
References 23 publications
“…Indeed, the prevalence of taint-tracking mechanisms (e.g., Perl's taint mode, and numerous systems [2,32,56,61]) show that it is intuitive and appealing for developers to consider just explicit flows. Moreover, tracking only explicit flows leads to fewer false positives (albeit at the cost of more false negatives) [15,29].…”
Section: Security Guarantees From Pdgs (mentioning)
confidence: 99%
“…λ info is much simpler than JavaScript, allowing us to reason more easily about some of the challenges involved in correctly handling implicit flows. Although exceptions add important additional complexities to implicit flows [2,24], we leave them for future work.…”
Section: A Core Language For Information Flow (mentioning)
confidence: 99%
“…Askarov et al [1] demonstrate that Denning-style analysis may leak more than one bit in the presence of intermediary output channels, but that any attack will be limited to a brute-force approach. Askarov and Sabelfeld [2] and King et al [24] discuss exception handling challenges. Livshits et al [25] design a system for inferring information flow policies to handle explicit flows.…”
Section: Figure 8: Privatization Inference Evaluation Rules (mentioning)
confidence: 99%
“…Others, including Safe, also track implicit flows [8]-situations where the program's control state depends on secret data. A benefit of dealing with implicit flows is that we get a crisp statement of the security guarantee provided by the information-flow tracking mechanism: a noninterference theorem [6], stating (roughly) that the sensitive inputs of a program cannot influence its public outputs.…”
Section: Language Design and Information Flow (mentioning)
confidence: 99%