Undecidability of static analysis

Landi, William

doi:10.1145/161494.161501

Cited by 289 publications

(142 citation statements)

References 5 publications

Supporting

Mentioning

140

Contrasting

Unclassified

Order By: Relevance

“…JFlow compiler [22] statically checks programs for correctness using information flow annotations and formal rules to prevent information leaks through storage channels. The major disadvantage of all the static analysis approaches is that they require a source code, they have some limitations due to undecidability problems [21] and they might report a number of false positives [6].…”

Section: Related Workmentioning

confidence: 99%

Detecting Control Flow in Smarphones: Combining Static and Dynamic Analyses

Graa

Cuppens-Boulahia

Cuppens

et al. 2012

Cyberspace Safety and Security

View full text Add to dashboard Cite

Abstract. Security in embedded systems such as smartphones requires protection of confidential data and applications. Many of security mechanisms use dynamic taint analysis techniques for tracking information flow in software. But these techniques cannot detect control flows that use conditionals to implicitly transfer information from objects to other objects. In particular, malicious applications can bypass Android system and get privacy sensitive information through control flows. We propose an enhancement of dynamic taint analysis that propagates taint along control dependencies by using the static analysis in embedded system such as Google Android operating system. By using this new approach, it becomes possible to protect sensitive information and detect most types of software exploits without reporting too many false positives.

show abstract

Section: Related Workmentioning

confidence: 99%

Detecting Control Flow in Smarphones: Combining Static and Dynamic Analyses

Graa

Cuppens-Boulahia

Cuppens

et al. 2012

Cyberspace Safety and Security

View full text Add to dashboard Cite

show abstract

“…Others have studied the complexity and decidability of precise flow-sensitive and partially-flow-sensitive points-to analysis [11,15,17].…”

Section: Related Workmentioning

confidence: 99%

The Flow-Insensitive Precision of Andersen’s Analysis in Practice

et al. 2011

View full text Add to dashboard Cite

Abstract. We present techniques for determining the precision gap between Andersen's points-to analysis and precise flow-insensitive points-to analysis in practice. While previous work has shown that such a gap may exist, no efficient algorithm for precise flow-insensitive analysis is known, making measurement of the gap on real-world programs difficult. We give an algorithm for precise flow-insensitive analysis of programs with finite memory, based on a novel technique for refining any points-to analysis with a search for flow-insensitive witnesses. We give a compact symbolic encoding of the technique that enables computing the search using a tuned SAT solver. We also present extensions of the algorithm that enable computing lower and upper bounds on the precision gap in the presence of dynamic memory allocation. In our experimental evaluation over a suite of small-to medium-sized C programs, we never observed a precision gap between Andersen's analysis and the precise analysis. In other words, Andersen's analysis computed a precise flow-insensitive result for all of our benchmarks. Hence, we conclude that while better algorithms for the precise flow-insensitive analysis are still of theoretical interest, their practical impact for C programs is likely to be negligible.

show abstract

“…While Jif's analysis could be improved, determining whether a runtime exception could occur or not is undecidable [15], so no analysis can be perfect. To show the general difficulty of the problem, consider the following code (taken from the public key authentication routine in J2SSH):…”

Section: Security Type Checking and Implicit Flowsmentioning

confidence: 99%

“…Currently, most null pointer accesses cannot be proven safe by Jif, and as almost any line of Java code can throw a NullPointerException, this leads to an unacceptably high number of false alarms. Improved analyses could reduce this false alarm rate, but due to the fundamental undecidability of determining if a null pointer access is safe [15] combined with the difficulty of maintaining invariants for every line of code (as seen in Figure 3), these analyses will likely remain imperfect.…”

Section: Towards Painfree Noninterferencementioning

confidence: 99%

Implicit Flows: Can’t Live with ‘Em, Can’t Live without ‘Em

King

Hicks

et al. 2008

Information Systems Security

View full text Add to dashboard Cite

Abstract. Verifying that programs trusted to enforce security actually do so is a practical concern for programmers and administrators. However, there is a disconnect between the kinds of tools that have been successfully applied to real software systems (such as taint mode in Perl and Ruby), and information-flow compilers that enforce a variant of the stronger security property of noninterference. Tools that have been successfully used to find security violations have focused on explicit flows of information, where high-security information is directly leaked to output. Analysis tools that enforce noninterference also prevent implicit flows of information, where high-security information can be inferred from a program's flow of control. However, these tools have seen little use in practice, despite the stronger guarantees that they provide.To better understand why, this paper experimentally investigates the explicit and implicit flows identified by the standard algorithm for establishing noninterference. When applied to implementations of authentication and cryptographic functions, the standard algorithm discovers many real implicit flows of information, but also reports an extremely high number of false alarms, most of which are due to conservative handling of unchecked exceptions (e.g., null pointer exceptions). After a careful analysis of all sources of true and false alarms, due to both implicit and explicit flows, the paper concludes with some ideas to improve the false alarm rate, toward making stronger security analysis more practical.

show abstract

Undecidability of static analysis

Cited by 289 publications

References 5 publications

Detecting Control Flow in Smarphones: Combining Static and Dynamic Analyses

Detecting Control Flow in Smarphones: Combining Static and Dynamic Analyses

The Flow-Insensitive Precision of Andersen’s Analysis in Practice

Implicit Flows: Can’t Live with ‘Em, Can’t Live without ‘Em

Contact Info

Product

Resources

About