
Permissive runtime information flow control in the presence of exceptions

Bichhawat, Abhishek, Rajani, Vineet, Garg, Deepak, Hammer, Christian (2021) Permissive runtime information flow control in the presence of exceptions. Journal of Computer Security, 29 (4). pp. 361-401. ISSN 0926-227X. E-ISSN 1875-8924. (doi:10.3233/JCS-211385) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided) (KAR id:90655)

Official URL
https://doi.org/10.3233/JCS-211385

Abstract

Information flow control (IFC) has been extensively studied as an approach to mitigate information leaks in applications. A vast majority of existing work in this area is based on static analysis. However, some applications, especially on the Web, are developed using dynamic languages like JavaScript where static analyses for IFC do not scale well. As a result, there has been a growing interest in recent years to develop dynamic or runtime information flow analysis techniques. In spite of the advances in the field, runtime information flow analysis has not been at the helm of information flow security, one of the reasons being that the analysis techniques and the security property related to them (non-interference) over-approximate information flows (particularly implicit flows), generating many false positives. In this paper, we present a sound and precise approach for handling implicit leaks at runtime. In particular, we present an improvement and enhancement of the so-called permissive-upgrade strategy, which is widely used to tackle implicit leaks in dynamic information flow control. We improve the strategy’s permissiveness and generalize it. Building on top of it, we present an approach to handle implicit leaks when dealing with complex features like unstructured control flow and exceptions in higher-order languages. We explain how we address the challenge of handling unstructured control flow using immediate post-dominator analysis. We prove that our approach is sound and precise.

Item Type: Article
DOI/Identification number: 10.3233/JCS-211385
Uncontrolled keywords: Runtime information flow control; permissive-upgrade; control-flow graphs; immediate post-dominator analysis; exceptions
Subjects: Q Science > QA Mathematics (inc Computing science)
Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Amy Boaler
Date Deposited: 06 Oct 2021 09:15 UTC
Last Modified: 08 Oct 2021 11:05 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/90655 (The current URI for this page, for reference purposes)