A sound analysis for secure information flow using abstract memory graphs

Abstract

In this paper we present a flow-sensitive analysis for secure information flow for Java bytecode. Our approach consists of computing, at all program points, an abstract memory graph (AMG) which tracks how input values of a method may influence its outputs. This computation subsumes a points-to analysis (reflecting how objects depend on each other) by addressing dependencies arising from data of primitive types and from the control flow of the program. Our graph construction is proved to be sound for both intra-procedural and inter-procedural analysis by establishing a non-interference theorem stating that if an output value is unrelated to an input one in the AMG then the output remains unchanged when the input is modified. In contrast with many type-based information flow techniques, our approach does not require security levels to be known during the computation of the graph: security aspects of information flow are checked by labeling "a posteriori" the AMG with security levels. © 2010 Springer.