

Dynamic vs. Static Flow-Sensitive Security Analysis

This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure programs. It has been also shown that sound purely dynamic information-flow enforcement is more permissive than static analysis in the flow-insensitive case. We argue that the step from flow-insensitive to flow-sensitive is fundamentally limited for purely dynamic information-flow controls. We prove impossibility of a sound purely dynamic information-flow monitor that accepts programs certified by a classical flow-sensitive static analysis. A side implication is impossibility of permissive dynamic instrumented security semantics for information flow, which guides us to uncover an unsound semantics from the literature. We present a general framework for hybrid mechanisms that is param...
Alejandro Russo, Andrei Sabelfeld
Added 15 Aug 2010
Updated 15 Aug 2010
Type: Conference
Year: 2010
Where: CSFW
Authors: Alejandro Russo, Andrei Sabelfeld