towards a flow and path sensitive information flow
play

Towards a Flow- and Path-Sensitive Information Flow Analysis - PowerPoint PPT Presentation

Apr 11, 2023 •130 likes •379 views

Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu Background: Information Flow Analysis o Security enforcement to prevent

  1. Towards a Flow- and Path-Sensitive Information Flow Analysis Peixuan Li, Danfeng Zhang Pennsylvania State University University Park, PA, USA {pzl129,zhang}@cse.psu.edu

  2. Background: Information Flow Analysis o Security enforcement to prevent leakage of sensitive data o Non-interference : no dependence of public outputs on secret inputs o Lattice model : Information has labels that form a lattice o Information Flow S : secret P : public o Explicit flow – assignment S o Implicit flow – branch Program (secure) Secret Input P s Public Output Public Input p p 08/22/2017 30th IEEE Computer Security Foundations Symposium 1

  3. Problem of Interest o Conservative: sound but not complete o Sound: Checked → Secure False Alarm o Complete: Secure → Checked Secure Program Flow-Sensitive Checked Program Path-Sensitive o Source of Conservativeness o Flow-Sensitivity – to differentiate for the order of execution o Path-Sensitivity – to differentiate for the execution paths 08/22/2017 30th IEEE Computer Security Foundations Symposium 2

  4. Source of Conservativeness o Flow-Sensitivity – to differentiate for the order of execution o Path-Sensitivity – to differentiate for execution path Program (secure) Insecure Program: Insecure Program: Path-Sensitivity Flow-Sensitivity 08/22/2017 30th IEEE Computer Security Foundations Symposium 3

  5. Overview Flow- & Path- Sensitive Analysis Program Program Transformation Dependent Type Flow-sensitivity System Path-sensitivity Transformed Soundness Proof Comparison with a flow-sensitive system 08/22/2017 30th IEEE Computer Security Foundations Symposium 4

  6. Overview – Sensitivity Knob o Sensitivity Tuner o Flow-sensitivity – Bracketed Assignments o Path-sensitivity – Dependent Type Labels MIN MAX o Less type annotation o Accept more secure programs o Simple analysis o Program readability 08/22/2017 30th IEEE Computer Security Foundations Symposium 5

  7. Overview Flow- & Path- Sensitive Analysis Program Program Transformation Dependent Type Flow-sensitivity System Path-sensitivity Transformed Proof of soundness on non-interference Comparison with a flow-sensitive system 08/22/2017 30th IEEE Computer Security Foundations Symposium 6

  8. Program Transformation o Goal – To gain flow-sensitivity Program (secure) Flow-Sensitive Type System: v Update & Record types at each program point v Complicates the design of the type system 08/22/2017 30th IEEE Computer Security Foundations Symposium 7

  9. Program Transformation o Goal – To gain flow-sensitivity Program (secure) Secure: Type checked by flow- insensitive type systems v Renaming gains flow-sensitivity 08/22/2017 30th IEEE Computer Security Foundations Symposium 8

  10. Program Transformation o Goal – To gain flow-sensitivity Bracketed Assignment Program (secure) Active Copy Active Set 08/22/2017 30th IEEE Computer Security Foundations Symposium 9

  11. Program Transformation o Goal – To gain flow-sensitivity Bracketed Assignment Program (secure) Rename Merge 08/22/2017 30th IEEE Computer Security Foundations Symposium 10

  12. Program Transformation o Difference from SSA o Tunable bracketed assignments – not all assignment need renaming o No phi-function – simplify the analysis and soundness proof o Details are discussed in the paper 08/22/2017 30th IEEE Computer Security Foundations Symposium 11

  13. Program Transformation active set x 1 x 2 x o Transformation Correctness y y 1 y 2 o memory projection on active set … … Memory of original Memory of transformed program program 08/22/2017 30th IEEE Computer Security Foundations Symposium 12

  14. Review Flow- & Path- Sensitive Analysis Program Program Transformation Dependent Type Flow-sensitivity System Path-sensitivity Transformed Soundness Proof Comparison with a flow-sensitive system 08/22/2017 30th IEEE Computer Security Foundations Symposium 13

  15. Dependent Type System o Goal – To gain Path-Sensitivity o Dependent Security Label Program (secure) o Predicates Generator o Information flow constraints: s y Line 2: Line 3: 08/22/2017 30th IEEE Computer Security Foundations Symposium 14

  16. Dependent Type System o Challenge Line 2: Line 4: Program (secure) Insecure Program: y: S y: P s s Implicit Declassification 08/22/2017 30th IEEE Computer Security Foundations Symposium 15

  17. Dependent Type System o Solution to Implicit Declassification y: S y: P s s 0 o A. Reject if program contains any mutable dependency o B. Dynamically erase variable content for mutable dependency o Runtime overhead o Changing program behavior o C. Reject if program contains mutable dependency on live variable 08/22/2017 30th IEEE Computer Security Foundations Symposium 16

  18. Dependent Type System o Soundness 08/22/2017 30th IEEE Computer Security Foundations Symposium 17

  19. Proof of non-interference o Soundness of non-interference Final State Initial State Excution 1: Excution 2: Excution 1: Excution 2: Initial State Final State 08/22/2017 30th IEEE Computer Security Foundations Symposium 18

  20. Review Flow- & Path- Sensitive Analysis Program Program Transformation Dependent Type Flow-sensitivity System Path-sensitivity Transformed Soundness Proof Comparison with a flow-sensitive system 08/22/2017 30th IEEE Computer Security Foundations Symposium 19

  21. Comparison o Comparison with a classic flow-sensitive type system o HS System – S. Hunt and D. Sands, “On flow-sensitive security types,” in Principles of Programming Languages (POPL) , 2006 o Flow-Sensitivity o Path-Sensitivity MIN MAX MIN MAX MIN MAX MIN MAX HS System Our system HS System Our system v Strictly more precise than HS system 08/22/2017 30th IEEE Computer Security Foundations Symposium 20

  22. Comparison o Strictly more precise than HS system Program (secure) o Subsumes the HS system o Accepts more secure program 08/22/2017 30th IEEE Computer Security Foundations Symposium 21

  23. Conclusion Flow- & Path Sensitive Analysis Program Program Transformation Dependent Type System o Dependent Labels o Bracketed Assignment o Predicates Generator o Correctness o Implicit Declassification o Liveness Analysis Transformed Soundness Proof Comparison with classic flow-sensitive system 08/22/2017 30th IEEE Computer Security Foundations Symposium 22

Recommend

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

Flow Networks Flow Network: - digraph - weights, called capacities on edges - two

M AXIMUM F LOW How to do it... Why you want it... Where you find it... The Tao of Flow: Let your body go with the flow. -Madonna, Vogue Maximum flow...because youre worth it. -Loreal Go with the flow, Joe.

619 views • 20 slides
May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples

May 15: Information Flow and Confinement Information flow for integrity policies Examples of information flow controls Android phone Firewalls Confinement Virtual machines May 15, 2017 ECS 235B Spring Quarter 2017 Slide

487 views • 32 slides
Control Flow CS105 : Saelee dynamic flow of execution single path sequential decisions

Control Flow CS105 : Saelee dynamic flow of execution single path sequential decisions

Control Flow CS105 : Saelee dynamic flow of execution single path sequential decisions questions conditional operators Math Notation Ruby Operator < < > > >= <= = == != Boolean values true

465 views • 17 slides
Parallel Flow-Sensitive Pointer Analysis by Graph-Rewriting Vaivaswatha Nagaraj R. Govindarajan

Parallel Flow-Sensitive Pointer Analysis by Graph-Rewriting Vaivaswatha Nagaraj R. Govindarajan

Parallel Flow-Sensitive Pointer Analysis by Graph-Rewriting Vaivaswatha Nagaraj R. Govindarajan Indian Institute of Science, Bangalore PACT 2013 PACT'13 2 Outline Introduction Background Flow-sensitive graph-rewriting formulation

1.06k views • 74 slides
Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation)

Decompilation is an information-flow problem (Or, information flow meets program transformation) Boris Feigin Computer Laboratory, University of Cambridge PLID 2008 joint work with Alan Mycroft 1 / 22 Motivation Given suitable tools we

605 views • 33 slides
Timing-Sensitive Information-Flow Security Danfeng Zhang , Yao Wang, G. Edward Suh and Andrew C.

Timing-Sensitive Information-Flow Security Danfeng Zhang , Yao Wang, G. Edward Suh and Andrew C.

A Hardware Design Language for Timing-Sensitive Information-Flow Security Danfeng Zhang , Yao Wang, G. Edward Suh and Andrew C. Myers Cornell University ASPLOS 2015 Information Security via Isolation memory memory memory space 1 space 2

692 views • 35 slides
E E nhanced DE nhanced DE M-based flow path M-based flow path delineation algorithms for

E E nhanced DE nhanced DE M-based flow path M-based flow path delineation algorithms for

E E nhanced DE nhanced DE M-based flow path M-based flow path delineation algorithms for urban delineation algorithms for urban drainage modelling drainage modelling Joo Paulo Leito , S. Boonya-aroonnet, D. Prodanovi and .

469 views • 20 slides
5. Network flow problems Example: Sailco Minimum-cost flow problems Transportation

5. Network flow problems Example: Sailco Minimum-cost flow problems Transportation

CS/ECE/ISyE 524 Introduction to Optimization Spring 201718 5. Network flow problems Example: Sailco Minimum-cost flow problems Transportation problems Shortest/longest path problems Max-flow problems Integer solutions

541 views • 30 slides
Potential Flow & Flow Nets Potential Flow Irrotational flow for which implies:

Potential Flow & Flow Nets Potential Flow Irrotational flow for which implies:

Potential Flow & Flow Nets Potential Flow Irrotational flow for which implies: This allows you to decompose velocity into a scalar potential such that: Combined with conservation of mass (continuity) and incompressibility you

110 views • 7 slides
Flow Visualization Overview: Flow Visualization (1) Introduction, overview Flow data Simulation

Flow Visualization Overview: Flow Visualization (1) Introduction, overview Flow data Simulation

Flow Visualization Overview: Flow Visualization (1) Introduction, overview Flow data Simulation vs. measurement vs. modelling 2D vs. surfaces vs. 3D Steady vs time-dependent flow Direct vs. indirect flow visualization Experimental flow

1.18k views • 92 slides
Flow Visualization Overview: Flow Visualization (1) Introduction, overview Fl Flow data d t

Flow Visualization Overview: Flow Visualization (1) Introduction, overview Fl Flow data d t

Flow Visualization Overview: Flow Visualization (1) Introduction, overview Fl Flow data d t Simulation vs. measurement vs. modelling 2D vs. surfaces vs. 3D Steady vs time-dependent flow St d ti d d t fl Direct vs. indirect flow

957 views • 92 slides
1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

1 What Is Control-Flow Analysis? Loop Concepts Control-flow analysis discovers the flow of

Control-Flow Analysis and Loop Detection Context Last time Data-flow Speeding up data-flow analysis Flow of data values from defs to uses Could alternatively be represented as a data dependence Today Control-flow analysis

516 views • 5 slides
IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX)

IP Flow Information eXport IP Flow Information eXport (IPFIX) (IPFIX) elisa.boschi@hitachi-eu.com {boschi, zseby, mark, hirsch}@fokus.fraunhofer.de Outline Outline IPFIX Terminology Applicability Initial Goals

212 views • 19 slides
Efficient Protection of Path-Sensitive Control Security Ren Ding , Chenxiong Qian, Chengyu Song*,

Efficient Protection of Path-Sensitive Control Security Ren Ding , Chenxiong Qian, Chengyu Song*,

Efficient Protection of Path-Sensitive Control Security Ren Ding , Chenxiong Qian, Chengyu Song*, Bill Harris, Taesoo Kim, Wenke Lee Georgia Tech, UC Riverside* What is Control Flow? The order of instruction execution Only limited sets of

480 views • 29 slides
Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement

Lecture 19: Flow and Confinement Examples of information flow applications The confinement problem Covert channels Isolation: virtual machines, sandboxes March 2, 2009 ECS 235B, Winter Quarter 2009 Slide #19-1 Matt Bishop, UC

322 views • 30 slides
Data Flow Coverage 1 Stuart Anderson Stuart Anderson Data Flow Coverage 1 2011 c 1 Why

Data Flow Coverage 1 Stuart Anderson Stuart Anderson Data Flow Coverage 1 2011 c 1 Why

Data Flow Coverage 1 Stuart Anderson Stuart Anderson Data Flow Coverage 1 2011 c 1 Why Consider Data Flow? Control Flow: Statement and branch coverage criteria are weak. Condition coverage and path coverage are more costly and

831 views • 20 slides
1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

1 Liveness by Example (cont) Control Flow Graphs (CFGs) Live range of a Definition a is live

Introduction to Data-flow analysis Data-flow Analysis Last Time Idea Undergraduate compilers review Data-flow analysis derives information about the dynamic behavior of a program by only examining the static code Assem.Instr data

903 views • 4 slides
Quantitative Information O I U N Program / Flow Analysis T P P Function U U T T CSCI

Quantitative Information O I U N Program / Flow Analysis T P P Function U U T T CSCI

5/1/19 Motivation Quantitative Information O I U N Program / Flow Analysis T P P Function U U T T CSCI 5271 Guest Lecture An output has some data of an input. Seonmo (Sean) Kim If the input contains some sensitive data,

86 views • 5 slides
Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson

Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson

Mat 3770 Network Flows Network Flow Mat 3770 Conservation Max Flow Network Flows flow Cancellation Cut Ford- Fulkerson Residual Spring 2014 Network Augmenting Path Max-flow Min-cut Matching 4.2 Network Flows Mat 3770 Network

896 views • 61 slides
Max flow and min cost max flow Han Hoogeveen May 23, 2014 Basic problem description Given:

Max flow and min cost max flow Han Hoogeveen May 23, 2014 Basic problem description Given:

Max flow and min cost max flow Han Hoogeveen May 23, 2014 Basic problem description Given: directed graph G = ( V, A ) with special vertices s and t . The goal is to find a flow x from s (source) to t (sink) of maximum size. The flow x

247 views • 11 slides
CS 401 Max Flow / Bipartite Matching Xiaorui Sun 1 Flow network Flow network. G = (V, E) =

CS 401 Max Flow / Bipartite Matching Xiaorui Sun 1 Flow network Flow network. G = (V, E) =

CS 401 Max Flow / Bipartite Matching Xiaorui Sun 1 Flow network Flow network. G = (V, E) = directed graph, no parallel edges. Two distinguished nodes: s = source, t = sink. c(e) = capacity of edge e. 9 2 5 10 15 15 10 4 source 5

1.01k views • 21 slides
Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies

Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies

Lecture 17: Information Flow Basics and background Entropy Nonlattice flow policies Compiler-based mechanisms Execution-based mechanisms Examples Security Pipeline Interface Secure Network Server Mail Guard February

625 views • 44 slides
Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy

Secure Information Flow ! Protecting the confidentiality of secret information Quantifying Information is a fundamental issue in computer security: Flow Using Min-Entropy Blood type: AB Birth date: 9/5/46 HIV: positive ! Access control and

399 views • 10 slides
Review. Ford-Fulkerson algorithm for max-flow: repeatedly augment flow along paths in the

Review. Ford-Fulkerson algorithm for max-flow: repeatedly augment flow along paths in the

Review. Ford-Fulkerson algorithm for max-flow: repeatedly augment flow along paths in the residual graph If capacities are integers, F-F finds an integer valued flow Running time: O((m+n)OPT), where OPT is the value of the max flow

836 views • 30 slides

More recommend