Information Flow Control for Mobile Components Based on Precise Analysis
for Parallel Programs
Future software sytems will be dynamically configured from mobile components, and will
heavily use parallellism. Security checks thus have to deal precisely with mobile software
components and their plug-in, as well as with parallel constructs and multi-threaded programs.
Current information Flow algorithms for mobile components and multi-threaded software can
be greatly improved if they leverage modern program analysis.
In this project, we use information Flow control based on program dependence graphs
for the construction of new and precise security analysis
methods for mobile components and their dynamic integration, as well as for their concurrent
interaction. New theoretical insights into the analysis of parallel programs and invariance
detection (as developed at the Software Construction and Verification Group headed by Prof. Dr. Markus Müller-Olm) will improve analysis precision in particular for
information Flow in parallel programs. New techniques for context approximation and context
inference allow to construct modular dependence graphs and handle missing application
contexts for isolated components. A scaling implementation for full Java is being developed
and exercised on realistic case studies.
The Project IFC for Mobile Components is a joint project by
Gregor Snelting and
Markus Müller-Olm (Westfälische Wilhelms-Universität Münster).
It is funded by the DFG, as part of the Priority Programme 1496 “Reliably Secure Software Systems – RS3”
Participants
Publications
| 2012 |
|
R. Küsters, T. Truderung, J. Graf:
A Framework for the Cryptographic Verification of Java-like Programs.
CSF 2012 |
|
D. Giffhorn, G. Snelting:
Probabilistic Noninterference Based on Program Dependence Graphs.
|
|
A. Lochbihler:
Java and the Java Memory Model -- a Unified, Machine-Checked Formalisation.
ESOP 2012 |
|
R. Küsters, T. Truderung, J. Graf:
A Framework for the Cryptographic Verification of Java-like Programs.
|
|
A. Flexeder, M. Müller-olm, M. Petter, H. Seidl:
Fast interprocedural linear two-variable equalities.
|
|
D. Giffhorn:
Slicing of Concurrent Programs and its Application to Information Flow Control.
|
| 2011 |
|
D. Giffhorn:
Advanced chopping of sequential and concurrent programs.
SQJ |
|
M. D. Schwarz, H. Seidl, V. Vojdani, P. Lammich, M. Müller-Olm:
Static analysis of interrupt-driven programs synchronized via the priority ceiling protocol.
|
| 2010 |
|
D. Wasserrab:
From Formal Semantics to Verified Slicing - A Modular Framework with
Applications in Language Based Security.
Ph.D. thesis |
|
M. Taghdiri, G. Snelting, C. Sinz:
Information Flow Analysis via Path Condition Refinement.
FAST 2010 |
|
C. Hammer:
Experiences with PDG-based IFC.
ESSoS'10 |
| 2009 |
|
C. Hammer, G. Snelting:
Flow-Sensitive, Context-Sensitive, and Object-sensitive Information
Flow Control Based on Program Dependence Graphs.
IJIS |
|
C. Hammer:
Information Flow Control for Java - A Comprehensive Approach based
on Path Conditions in Dependence Graphs.
Ph.D. thesis |
|
D. Wasserrab, D. Lohner, G. Snelting:
On PDG-Based Noninterference and its Modular Proof.
PLAS 2009 |
| 2008 |
|
C. Hammer, R. Schaade, G. Snelting:
Static Path Conditions for Java.
PLAS 2008 |
|
P. Lammich, M. Müller-Olm:
Conflict Analysis of Programs with Procedures, Dynamic Thread Creation, and Monitors.
|
| 2007 |
|
M. Müller-Olm, H. Seidl:
Analysis of modular arithmetic.
|
| 2006 |
|
C. Hammer, J. Krinke, G. Snelting:
Information Flow Control for Java Based on Path Conditions in Dependence
Graphs.
ISSSE 2006 |
|
M. Müller-Olm:
Variations on Constants: Flow Analysis of Sequential and Parallel Programs (Lecture Notes in Computer Science).
|
| 2004 |
|
M. Müller-Olm:
Precise interprocedural dependence analysis of parallel programs.
|
|
M. Müller-Olm, H. Seidl:
Precise interprocedural analysis through linear algebra.
|
| 2001 |
|
M. Müller-Olm, H. Seidl:
On optimal slicing of parallel programs.
|
|
