A sound analysis for secure information flow using abstract memory graph

Abstract : In this paper we present a flow-sensitive analysis for secure informa- tion flow for Java bytecode. Our approach consists of computing, at all program points, an abstract memory graph (AMG) which tracks how input values of a method may influence its outputs. This computation subsumes a points-to anal- ysis (reflecting how objects depend on each other) by addressing dependencies arising from data of primitive types and from the control flow of the program. Our graph construction is proved to be sound for both intra-procedural and inter- procedural analysis by establishing a non-interference theorem stating that if an output value is unrelated to an input one in the AMG then the output remains un- changed when the input is modified. In contrast with many type-based informa- tion flow techniques, our approach does not require security levels to be known during the computation of the graph: security aspects of information flow are checked by labeling ”a posteriori” the AMG with security levels.