Effective blame for information-flow violations

Dave King, Trent Jaeger, Somesh Jha, Sanjit A. Seshia

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations

Abstract

Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.

Original languageEnglish (US)
Title of host publicationSIGSOFT 2008/FSE-16 - Proceedings of the 16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering
Pages250-260
Number of pages11
DOIs
StatePublished - 2008
Event16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2008/FSE-16 - Atlanta, GA, United States
Duration: Nov 9 2008Nov 14 2008

Publication series

NameProceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering

Other

Other16th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, SIGSOFT 2008/FSE-16
Country/TerritoryUnited States
CityAtlanta, GA
Period11/9/0811/14/08

All Science Journal Classification (ASJC) codes

  • Software

Fingerprint

Dive into the research topics of 'Effective blame for information-flow violations'. Together they form a unique fingerprint.

Cite this