Wed 7 Nov 2018 13:30 - 13:52 at Studio 1 - Security Chair(s): Tobias Wrigstad

Dependent security labels (security labels that depend on program states) in various forms have been introduced to express rich information flow policies. They are shown to be essential in the verification of real-world software and hardware systems such as conference management systems, Android Apps, a MIPS processor and a TrustZone-like architecture. However, most work assumes that all (complex) labels are provided manually, which can both be error-prone and time-consuming.

In this paper, we tackle the problem of automatic label inference for static information flow analyses with dependent security labels. In particular, we propose the first general framework to facilitate the design and validation (in terms of soundness and/or completeness) of inference algorithms. The framework models label inference as constraint solving and offers guidelines for sound and/or complete constraint solving. Under the framework, we propose novel constraint solving algorithms that are both sound and complete. Evaluation result on sets of constraints generated from secure and insecure variants of a MIPS processor suggests that the novel algorithms improve the performance of an existing algorithm by orders of magnitude and offers better scalability.

Wed 7 Nov

splash-2018-OOPSLA
13:30 - 15:00: OOPSLA - Security at Studio 1
Chair(s): Tobias WrigstadUppsala University
splash-2018-OOPSLA13:30 - 13:52
Talk
Peixuan LiPenn State University, Danfeng ZhangPennsylvania State University
splash-2018-OOPSLA13:52 - 14:15
Talk
Neville GrechUniversity of Athens, Michael KongUniversity of Sydney, Anton JurisevicUniversity of Sydney, Lexi BrentUniversity of Sydney, Bernhard ScholzThe University of Sydney, Yannis SmaragdakisUniversity of Athens
Link to publication Pre-print File Attached
splash-2018-OOPSLA14:15 - 14:37
Talk
Chu-Pan WongCarnegie Mellon University, Jens MeinickeMagdeburg University, Lukas Lazarek, Christian KästnerCarnegie Mellon University
splash-2018-OOPSLA14:37 - 15:00
Talk
Kalev AlpernasTel Aviv University, Cormac FlanaganUniversity of California, Santa Cruz, Sadjad FouladiStanford University, Leonid RyzhykVMware Research, Mooly SagivTel Aviv University, Thomas Schmitz, Keith WinsteinStanford University