Download: PDF.

“Effective Blame for Information-Flow Violations” by David H. King, Trent Jaeger, Somesh Jha, and Sanjit Seshia. In Proceedings of the 17th ACM SIGSOFT Foundations of Software Engineering, Nov. 2008.

Abstract

Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.


BibTeX entry:

@inproceedings{fse08,
   author = {David H. King and Trent Jaeger and Somesh Jha and Sanjit Seshia},
   title = {Effective Blame for Information-Flow Violations},
   booktitle = {Proceedings of the {\it 17^{th}} ACM SIGSOFT Foundations
	of Software Engineering},
   month = nov,
   year = {2008}
}
