Algorithms and tool support for dynamic information flow analysis

A new approach to dynamic information flow analysis (DIFA) is presented, and its applications to intrusion detection, software testing and program debugging are discussed. The approach is based on a new forward-computing algorithm that enables online analysis when fast response is not critical. A n...

Detailed description

Bibliographic details
Published in: Information and software technology 2009-02, Vol.51 (2), p.385-404
Main authors: Masri, Wes; Podgurski, Andy
Format: Article
Language: eng
Online access: Full text
container_end_page 404
container_issue 2
container_start_page 385
container_title Information and software technology
container_volume 51
creator Masri, Wes
Podgurski, Andy
description A new approach to dynamic information flow analysis (DIFA) is presented, and its applications to intrusion detection, software testing and program debugging are discussed. The approach is based on a new forward-computing algorithm that enables online analysis when fast response is not critical. A new forward-computing algorithm for dynamic slicing is also presented, which is more precise than previous forward-computing algorithms and is not restricted to programs with structured control flow. The DIFA and slicing algorithms both rely on a new, precise direct dynamic control dependence algorithm, which requires only constant time per program action. The correctness of this algorithm depends on special, graph-theoretic properties of control dependence, which are established here. A tool called DynFlow is described that implements the proposed approach in order to support analysis of Java byte code programs, and two case studies are presented to illustrate how DynFlow can be used to detect and debug insecure flows. Finally, since dynamic analysis alone is inherently unable to detect implicit information flows, an extension to our approach is described that enables it to detect most implicit information flows at runtime.
doi_str_mv 10.1016/j.infsof.2008.05.008
format Article
publisher Amsterdam: Elsevier B.V
rights 2008 Elsevier B.V.
Copyright Elsevier Science Ltd. Feb 2009
toplevel peer_reviewed
online_resources
fulltext fulltext
identifier ISSN: 0950-5849
ispartof Information and software technology, 2009-02, Vol.51 (2), p.385-404
issn 0950-5849
1873-6025
language eng
recordid cdi_proquest_miscellaneous_1221900219
source Elsevier ScienceDirect Journals
subjects Algorithms
Computer programs
Debugging
Direct dynamic control dependence
Dynamic information flow analysis
Dynamic slicing
Dynamic tests
Dynamics
Forward computation
Graph theory
Information flow
Insecure flows
Intrusion detection systems
Java
Program debugging
Slicing
Software
Studies
title Algorithms and tool support for dynamic information flow analysis
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-06T12%3A58%3A17IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Algorithms%20and%20tool%20support%20for%20dynamic%20information%20flow%20analysis&rft.jtitle=Information%20and%20software%20technology&rft.au=Masri,%20Wes&rft.date=2009-02-01&rft.volume=51&rft.issue=2&rft.spage=385&rft.epage=404&rft.pages=385-404&rft.issn=0950-5849&rft.eissn=1873-6025&rft_id=info:doi/10.1016/j.infsof.2008.05.008&rft_dat=%3Cproquest_cross%3E1221900219%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=196424650&rft_id=info:pmid/&rft_els_id=S0950584908000815&rfr_iscdi=true