Sandip Ghosal

Sandip Ghosal, R. K. Shyamasundar

Compile-time information flow analysis has been a promising technique for protecting confidentiality and integrity of private data. In the last couple of decades, a large number of information flow security tools in the form of run-time execution-monitors or static type systems have been developed for programming languages to analyze information flow security policies. However, existing flow analysis tools lack in precision and usability, which is the primary reason behind not being widely adopted in real application development. In this paper, we propose a compile-time information flow analysis for an imperative program based on a hybrid (mutable + immutable) labelling approach that enables a user to detect information flow-policy breaches and modify the program to overcome violations. We have developed an information flow security analyzer for a dialect of Python language, PyX, called Pifthon using the said approach. The flow-analyzer aids in identifying possible misuse of the information in sequential PyX programs corresponding to a given information flow policy (IFP). Pifthon has distinct advantages like reduced labelling overhead that ameliorates usability, covers a wide range of PyX programs that include termination-and progress-sensitive channels, in contrast to other approaches in the literature. The proposed flow analysis is proved to be sound under the classical non-interference property. Further, case study and experience in the usage of Pifthon are provided.

Sandip Ghosal, R. K. Shyamasundar

Realizing flow security in a concurrent environment is extremely challenging, primarily due to non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control locations through publicly observable statements like print, sleep, delay, etc. Such observations lead to internal and external timing attacks. Inspired by previous works that use classical Hoare style proof systems for establishing correctness of distributed (real-time) programs, in this paper, we describe a method for finding information leaks in concurrent programs through the introduction of leaky assertions at observable program points. Specifying leaky assertions akin to classic assertions, we demonstrate how information leaks can be detected in a concurrent context. To our knowledge, this is the first such work that enables integration of different notions of non-interference used in functional and security context. While the approach is sound and relatively complete in the classic sense, it enables the use of algorithmic techniques that enable programmers to come up with leaky assertions that enable checking for information leaks in sensitive applications.