Dependent security labels (security labels that depend on program states) in various forms have been introduced to express rich information flow policies. They are shown to be essential in the verification of real-world software and hardware systems such as conference management systems, Android Apps, a MIPS processor and a TrustZone-like architecture. However, most work assumes that all (complex) labels are provided manually, which can both be error-prone and time-consuming.
In this paper, we tackle the problem of automatic label inference for static information flow analyses with dependent security labels. In particular, we propose the first general framework to facilitate the design and validation (in terms of soundness and/or completeness) of inference algorithms. The framework models label inference as constraint solving and offers guidelines for sound and/or complete constraint solving. Under the framework, we propose novel constraint solving algorithms that are both sound and complete. Evaluation result on sets of constraints generated from secure and insecure variants of a MIPS processor suggests that the novel algorithms improve the performance of an existing algorithm by orders of magnitude and offers better scalability.
Wed 7 NovDisplayed time zone: Guadalajara, Mexico City, Monterrey change
13:30 - 15:00
|A Derivation Framework for Dependent Security Label Inference|
|MadMax: Surviving Out-of-Gas Conditions in Ethereum Smart Contracts|
Neville Grech University of Athens, Michael Kong University of Sydney, Anton Jurisevic University of Sydney, Lexi Brent University of Sydney, Bernhard Scholz The University of Sydney, Yannis Smaragdakis University of AthensLink to publication Pre-print File Attached
|Faster Variational Execution with Transparent Bytecode Transformation|
|Secure Serverless Computing Using Dynamic Information Flow Control|