Noninterference, which is an information flow property, is typically used as a baseline security policy to formalize confidentiality of secret information manipulated by a program. Noninterference verification mechanisms are usually based on static analyses and, to a lesser extent, on dynamic analyses. In contrast to those works, this paper proposes an information flow testing mechanism. This mechanism is sound from the point of view of noninterference. It is based on standard testing techniques and on a combination of dynamic and static analyses. Concretely, a semantics integrating a dynamic information flow analysis is proposed. This analysis makes use of static analyses results. This special semantics is built such that, once a path coverage property has been achieved on a program, a sound conclusion regarding the noninterfering behavior of the program can be established. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Le Guernic, G. (2007). Information flow testing the third path towards confidentiality guarantee. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4846 LNCS, pp. 33–47). Springer Verlag. https://doi.org/10.1007/978-3-540-76929-3_4
Mendeley helps you to discover research relevant for your work.