Date of this Version


Document Type

Journal Article

Publication Details

Accepted version

Vorobyov, K., Krishnan, P., & Stocks, P. (2012). A low-overhead, value-tracking approach to information flow security. Lecture Notes in Computer Science, 7504, 367-381

Access the journal

2012 HERDC submission. FoR code: 080308

The document you can download from this site is the version accepted for publication. The final publication is available at Springer

© Copyright Springer-Verlag, 2012




We present a hybrid approach to information flow security where security violations are detected at execution time. We track secure values and secure locations at run time to prevent problems such as password disclosure in C programs. This analysis is safe in the presence of pointer aliasing. Such problems are hard to solve using static analysis (or lead to many false positives). Our technique works on programs with annotations that identify values and locations that need to be secure. We instrument the annotated program with statements that capture relevant information flow with assertions that detect any violation. This instrumentation does not interfere with the safe assignment of values to variables in the program. The instrumented assertions are invoked only when relevant values or locations are involved. We demonstrate the applicability of our approach by analysing various Linux utilities such as su, sudo, passwd, ftp and ssh. Our experiments show that for safe executions the overhead introduced by our instrumentation is, on average, less than 1%.



This document has been peer reviewed.


To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.