An information-leak analysis system based on program slicing

An information-leak analysis system based on program slicing

For programs using secret information such as credit card numbers, preventing information-leaks is important. Denning, for example, has proposed a mechanism to certify that a given program does not violate a security policy. Kuninobu, on the other hand, has proposed a more practical framework for ca...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Information and software technology 2002-12, Vol.44 (15), p.903-910
Hauptverfasser: Yokomori, Reishi, Ohata, Fumiaki, Takata, Yoshiaki, Seki, Hiroyuki, Inoue, Katsuro
Format: Artikel
Sprache:eng
Schlagworte:
Data security
Information-leak analysis
Procedural language
Program dependence graph
Program slice
Software
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:For programs using secret information such as credit card numbers, preventing information-leaks is important. Denning, for example, has proposed a mechanism to certify that a given program does not violate a security policy. Kuninobu, on the other hand, has proposed a more practical framework for calculating the secrecy level of each output value from the secrecy level set to each input value, but no implementation has been yet explored. In this paper, we propose an implementation method for information-leak analysis, and show a system we have implemented based on program slicing. We have applied this system to a credit card program. Our results show that information-leak analysis before practical use of the program is important.
ISSN:0950-5849
1873-6025
DOI:10.1016/S0950-5849(02)00127-1