Date of this Version
We present a hybrid approach to information flow security where security violations are detected at execution time. We track secure values and secure locations at run time to prevent problems such as password disclosure in C programs. This analysis is safe in the presence of pointer aliasing. Such problems are hard to solve using static analysis (or lead to many false positives). Our technique works on programs with annotations that identify values and locations that need to be secure. We instrument the annotated program with statements that capture relevant information flow with assertions that detect any violation. This instrumentation does not interfere with the safe assignment of values to variables in the program. The instrumented assertions are invoked only when relevant values or locations are involved. We demonstrate the applicability of our approach by analysing various Linux utilities such as su, sudo, passwd, ftp and ssh. Our experiments show that for safe executions the overhead introduced by our instrumentation is, on average, less than 1%.
This document has been peer reviewed.