Program Transformation for Non-interference Verification on Programs with Pointers

Assaf, Mounir; Signoles, Julien; Tronel, Frédéric; Totel, Éric

doi:10.1007/978-3-642-39218-4_18

Cited by 5 publications

(7 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section we set the stage by describing the underlying Frama-C framework and the constraints and goals that inuenced our design. To make the paper self-contained, we also discuss the handling of various language constructs of C in our previous work [2,4].…”

Section: An Overview Of Secure Flowmentioning

confidence: 99%

“…We briey summarize the basics of the instrumentation done by Secure Flow. These operations follow the literature [19,2,1,4].…”

Section: Overview Of Information Flow Monitoringmentioning

confidence: 99%

“…In this paper, we discuss hybrid ow-sensitive information ow analysis for C programs. In previous work, Assaf et al demonstrated that indirect ows may be carried through pointers [2,1]. They proposed a hybrid analysis through a sound program transformation which encodes the information ows in an inline monitor to detect TINI (and TANI) violations.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Hybrid Information Flow Analysis for Real-World C Code

Barany¹,

Signoles²

2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

International audienceInformation flow analysis models the propagation of data through a software system and identifies unintended information leaks. There is a wide range of such analyses, tracking flows statically, dynamically, or in a hybrid way combining both static and dynamic approaches. We present a hybrid information flow analysis for a large subset of the C programming language. Extending previous work that handled a few difficult features of C, our analysis can now deal with arrays, pointers with pointer arithmetic, structures, dynamic memory allocation, complex control flow, and statically resolvable indirect function calls. The analysis is implemented as a plugin to the Frama-C framework. We demonstrate the applicability and precision of our analyzer by applying it to an open-source cryptographic library. By combining abstract interpretation and monitoring techniques, we verify an information flow policy that proves the absence of control-flow based timing attacks against the implementations of many common cryptographic algorithms. Conversely, we demonstrate that our analysis is able to detect a known instance of this kind of vulnerability in another cryptographic primitive

show abstract

Section: An Overview Of Secure Flowmentioning

confidence: 99%

“…We briey summarize the basics of the instrumentation done by Secure Flow. These operations follow the literature [19,2,1,4].…”

Section: Overview Of Information Flow Monitoringmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Hybrid Information Flow Analysis for Real-World C Code

Barany¹,

Signoles²

2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…As mentioned several times throughout the paper, our work is heavily based on the formulation of information flow monitoring by Assaf et al [2,1]. This work only handles pointers to scalars; we have formalized this theory in Isabelle/HOL, extended it to handle arrays, and are working on extending it further.…”

Section: Related Workmentioning

confidence: 99%

Hybrid Information Flow Analysis for Programs with Arrays

Barany

2016

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Information flow analysis checks whether certain pieces of (confidential) data may affect the results of computations in unwanted ways and thus leak information. Dynamic information flow analysis adds instrumentation code to the target software to track flows at run time and raise alarms if a flow policy is violated; hybrid analyses combine this with preliminary static analysis. Using a subset of C as the target language, we extend previous work on hybrid information flow analysis that handled pointers to scalars. Our extended formulation handles arrays, pointers to array elements, and pointer arithmetic. Information flow through arrays of pointers is tracked precisely while arrays of non-pointer types are summarized efficiently. A prototype of our approach is implemented using the Frama-C program analysis and transformation framework. Work on a full machine-checked proof of the correctness of our approach using Isabelle/HOL is well underway; we present the existing parts and sketch the rest of the correctness argument.Comment: In Proceedings VPT 2016, arXiv:1607.0183

show abstract

“…Another example is the SecureFlow plug-in. SecureFlow is a source-to-source transformation that encodes information flows of an input program into itself [1,2]. It is then possible to verify with E-ACSL that the generated code does not contain information flow leakage, e.g.…”

Section: Possible Usagesmentioning

confidence: 99%

E-ACSL, a Runtime Verification Tool for Safety and Security of C Programs (tool paper)

Signoles

Kosmatov

Vorobyov³

Kalpa Publications in Computing

Self Cite

View full text Add to dashboard Cite

This tool paper presents E-ACSL, a runtime verification tool for C programs capable of checking a broad range of safety and security properties expressed using a formal specification language. E-ACSL consumes a C program annotated with formal specifications and generates a new C program that behaves similarly to the original if the formal properties are satisfied, or aborts its execution whenever a property does not hold. This paper presents an overview of E-ACSL and its specification language.

show abstract

Program Transformation for Non-interference Verification on Programs with Pointers

Cited by 5 publications

References 22 publications

Hybrid Information Flow Analysis for Real-World C Code

Hybrid Information Flow Analysis for Real-World C Code

Hybrid Information Flow Analysis for Programs with Arrays

E-ACSL, a Runtime Verification Tool for Safety and Security of C Programs (tool paper)

Contact Info

Product

Resources

About