The Community for Technology Leaders
2011 IEEE 24th Computer Security Foundations Symposium (2011)
Cernay-la-Ville, France
June 27, 2011 to June 29, 2011
ISBN: 978-0-7695-4365-9
pp: 146-160
Hybrid information-flow monitors use a combination of static analysis and dynamic mechanisms to provide precise strong information security guarantees. However, unlike purely static mechanisms for information security, hybrid information-flow monitors incur run-time overhead. We show how static analyses can be used to make hybrid information-flow monitors more efficient, in two ways. First, a simple static analysis can determine when it is sound for a monitor to stop tracking the security level of certain variables. This potentially reduces run-time overhead of the monitor, particularly in applications where sensitive (i.e., confidential or untrusted) data is infrequently introduced to the system. Second, we derive sufficient conditions for soundly incorporating a wide range of memory abstractions into information-flow monitors. This allows the selection of a memory abstraction that gives an appropriate tradeoff between efficiency and precision. It also facilitates the development of innovative and sound memory abstractions that use run-time security information maintained by the monitor. We present and prove our results by extending the information-flow monitor of Russo and Sabelfeld (2010). These results bring us closer to efficient, sound, and precise enforcement of information security.
information-flow control, hybrid information-flow monitors, dynamic information-flow monitors

S. Chong and S. Moore, "Static Analysis for Efficient Hybrid Information-Flow Control," 2011 IEEE 24th Computer Security Foundations Symposium(CSF), Cernay-la-Ville, France, 2011, pp. 146-160.
95 ms
(Ver 3.3 (11022016))