Precise Dynamic Verification of Confidentiality
2009 (English)In: Proceedings of the 16th ACM conference on Computer and communications security, 2009Conference paper (Refereed)
Confidentiality is maybe the most popular security property to be formally or informally verified. Noninterference is a baseline security policy to formalize confidentiality of secret information manipulated by a program. Many static analyses have been developed for the verification of noninterference. In contrast to those static analyses, this paper considers the run-time verification of the respect of confidentiality by a single execution of a program. It proposes a dynamic noninterference analysis for sequential programs based on a combination of dynamic and static analyses. The static analysisis used to analyze some unexecuted pieces of code in order to take into account all types of flows. The static analysis is sensitive to the current program state. This sensitivity allows the overall dynamic analysis to be more precise than previous work. The soundness of the overall dynamic noninterference analysis with regard to confidentiality breaches detection and correction is proved.
Place, publisher, year, edition, pages
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-50369OAI: oai:DiVA.org:kth-50369DiVA: diva2:462165
16th ACM Conference on Computer and Communications Security 2009 Chicago, IL, USA — November 09 - 13, 2009
QC 201112072011-12-062011-12-052011-12-07Bibliographically approved