Quantitative Information-Flow Tracking for C and Related Languages
We present a new approach for tracking programs' use of data througharbitrary calculations, to determine how much information about secretinputs is revealed by public outputs. Using a fine-grained dynamicbit-tracking analysis, the technique measures the information revealedduring a particular...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Language: | en_US |
| Published: |
2006
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/34892 |
| _version_ | 1811078327663853568 |
|---|---|
| author | McCamant, Stephen Ernst, Michael D. |
| author2 | Michael Ernst |
| author_facet | Michael Ernst McCamant, Stephen Ernst, Michael D. |
| author_sort | McCamant, Stephen |
| collection | MIT |
| description | We present a new approach for tracking programs' use of data througharbitrary calculations, to determine how much information about secretinputs is revealed by public outputs. Using a fine-grained dynamicbit-tracking analysis, the technique measures the information revealedduring a particular execution. The technique accounts for indirectflows, e.g. via branches and pointer operations. Two kinds ofuntrusted annotation improve the precision of the analysis. Animplementation of the technique based on dynamic binary translation isdemonstrated on real C, C++, and Objective C programs of up to half amillion lines of code. In case studies, the tool checked multiplesecurity policies, including one that was violated by a previouslyunknown bug. |
| first_indexed | 2024-09-23T10:57:51Z |
| id | mit-1721.1/34892 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T10:57:51Z |
| publishDate | 2006 |
| record_format | dspace |
| spelling | mit-1721.1/348922019-04-11T09:50:10Z Quantitative Information-Flow Tracking for C and Related Languages McCamant, Stephen Ernst, Michael D. Michael Ernst Program Analysis Confidentiality Privacy Information disclosure Tainting Implicit flows Valgrind Memcheck OpenSSH We present a new approach for tracking programs' use of data througharbitrary calculations, to determine how much information about secretinputs is revealed by public outputs. Using a fine-grained dynamicbit-tracking analysis, the technique measures the information revealedduring a particular execution. The technique accounts for indirectflows, e.g. via branches and pointer operations. Two kinds ofuntrusted annotation improve the precision of the analysis. Animplementation of the technique based on dynamic binary translation isdemonstrated on real C, C++, and Objective C programs of up to half amillion lines of code. In case studies, the tool checked multiplesecurity policies, including one that was violated by a previouslyunknown bug. 2006-11-17T11:12:32Z 2006-11-17T11:12:32Z 2006-11-17 MIT-CSAIL-TR-2006-076 http://hdl.handle.net/1721.1/34892 en_US Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory 18 p. 450616 bytes 1216950 bytes application/pdf application/postscript application/pdf application/postscript |
| spellingShingle | Confidentiality Privacy Information disclosure Tainting Implicit flows Valgrind Memcheck OpenSSH McCamant, Stephen Ernst, Michael D. Quantitative Information-Flow Tracking for C and Related Languages |
| title | Quantitative Information-Flow Tracking for C and Related Languages |
| title_full | Quantitative Information-Flow Tracking for C and Related Languages |
| title_fullStr | Quantitative Information-Flow Tracking for C and Related Languages |
| title_full_unstemmed | Quantitative Information-Flow Tracking for C and Related Languages |
| title_short | Quantitative Information-Flow Tracking for C and Related Languages |
| title_sort | quantitative information flow tracking for c and related languages |
| topic | Confidentiality Privacy Information disclosure Tainting Implicit flows Valgrind Memcheck OpenSSH |
| url | http://hdl.handle.net/1721.1/34892 |
| work_keys_str_mv | AT mccamantstephen quantitativeinformationflowtrackingforcandrelatedlanguages AT ernstmichaeld quantitativeinformationflowtrackingforcandrelatedlanguages |