Hybrid Information Flow Analysis for Real-World C Code

Gergö Barany 1 Julien Signoles 2
2 LSL - Laboratoire Sûreté des Logiciels
DILS - Département Ingénierie Logiciels et Systèmes : DRT/LIST/DILS
Abstract: Information flow analysis models the propagation of data through a software system and identifies unintended information leaks. There is a wide range of such analyses, tracking flows statically, dynamically, or in a hybrid way combining both static and dynamic approaches. We present a hybrid information flow analysis for a large subset of the C programming language. Extending previous work that handled a few difficult features of C, our analysis can now deal with arrays, pointers with pointer arithmetic, structures, dynamic memory allocation, complex control flow, and statically resolvable indirect function calls. The analysis is implemented as a plugin to the Frama-C framework. We demonstrate the applicability and precision of our analyzer by applying it to an open-source cryptographic library. By combining abstract interpretation and monitoring techniques, we verify an information flow policy that proves the absence of control-flow based timing attacks against the implementations of many common cryptographic algorithms. Conversely, we demonstrate that our analysis is able to detect a known instance of this kind of vulnerability in another cryptographic primitive.
Document type:
Conference paper
TAP 2017 - 11th International Conference on Tests & Proofs, Jul 2017, Marburg, Germany. Springer, LNCS, 10375, pp.23-40, 〈10.1007/978-3-319-61467-0_2〉
Cited literature: 25 references

https://hal.inria.fr/hal-01658653
Contributor: Gergö Barany
Submitted on: Thursday, December 7, 2017 - 17:37:04
Last modified on: Thursday, March 15, 2018 - 15:04:59

File

hybrid_information_flow.pdf
Files produced by the author(s)

Citation

Gergö Barany, Julien Signoles. Hybrid Information Flow Analysis for Real-World C Code. TAP 2017 - 11th International Conference on Tests & Proofs, Jul 2017, Marburg, Germany. Springer, LNCS, 10375, pp.23-40, 〈10.1007/978-3-319-61467-0_2〉. 〈hal-01658653〉
