Information flow testing: the third path towards confidentiality guarantee
2007 (English) In: ADVANCES IN COMPUTER SCIENCE - ASIAN 2007: COMPUTER AND NETWORK SECURITY, PROCEEDINGS / [ed] Cervesato, I, Springer Berlin/Heidelberg, 2007, 33-47 p. Conference paper (Refereed)
Noninterference, which is an information flow property, is typically used as a baseline security policy to formalize confidentiality of secret information manipulated by a program. Noninterference verification mechanisms are usually based on static analyses and, to a lesser extent, on dynamic analyses. In contrast to those works, this paper proposes an information flow testing mechanism. This mechanism is sound from the point of view of noninterference. It is based on standard testing techniques and on a combination of dynamic and static analyses. Concretely, a semantics integrating a dynamic information flow analysis is proposed. This analysis makes use of static analysis results. This special semantics is built such that, once a path coverage property has been achieved on a program, a sound conclusion regarding the noninterfering behavior of the program can be established.
Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2007. 33-47 p.
Lecture Notes In Computer Science, ISSN 0302-9743 ; 4846
Computer and Information Science
Identifiers: URN: urn:nbn:se:kth:diva-50676, ISI: 000252104600003, ISBN: 978-3-540-76927-9, OAI: oai:DiVA.org:kth-50676, DiVA: diva2:462387
12th Asian Computing Science Conference. Location: Doha, QATAR. Date: DEC 09-11, 2007
QC 20111207. 2011-12-07. Bibliographically approved