Pifthon: A Compile-Time Information Flow Analyzer For An Imperative Language

by Sandip Ghosal, et al.

Compile-time information flow analysis has been a promising technique for protecting the confidentiality and integrity of private data. In the last couple of decades, a large number of information flow security tools, in the form of run-time execution monitors or static type systems, have been developed for programming languages to analyze information flow security policies. However, existing flow analysis tools lack precision and usability, which is the primary reason they have not been widely adopted in real application development. In this paper, we propose a compile-time information flow analysis for an imperative program based on a hybrid (mutable + immutable) labelling approach that enables a user to detect information flow policy breaches and modify the program to overcome violations. Using this approach, we have developed Pifthon, an information flow security analyzer for PyX, a dialect of the Python language. The flow analyzer aids in identifying possible misuse of information in sequential PyX programs with respect to a given information flow policy (IFP). In contrast to other approaches in the literature, Pifthon has distinct advantages: reduced labelling overhead, which improves usability, and coverage of a wide range of PyX programs, including those with termination- and progress-sensitive channels. The proposed flow analysis is proved to be sound under the classical non-interference property. Further, a case study and experience in the usage of Pifthon are provided.




