Abstract
Noninterference, an information flow property, is typically used as a baseline security policy to formalize the confidentiality of secret information manipulated by a program. Noninterference verification mechanisms are usually based on static analyses and, to a lesser extent, on dynamic analyses. In contrast to those works, this paper proposes an information flow testing mechanism. This mechanism is sound from the point of view of noninterference. It is based on standard testing techniques and on a combination of dynamic and static analyses. Concretely, a semantics integrating a dynamic information flow analysis is proposed. This analysis makes use of static analysis results. This special semantics is built such that, once a path coverage property has been achieved on a program, a sound conclusion regarding the noninterfering behavior of the program can be established.
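The following sketch is an added illustration of the idea in the abstract, not the paper's semantics: a taint-tracking interpreter whose labels depend only on the path taken, helped by a static "may assign" analysis of the branch not taken, plus a verdict that is only conclusive under path coverage. The toy AST, the names `assigned`, `run`, `count_paths`, `verdict`, and the assumption that programs are loop-free with every syntactic path feasible are all hypothetical.

```python
# Toy AST, constructed for this example (no loops, every path assumed feasible):
#   ("set", var, vars_read, fn)   ("if", vars_read, fn, then_block, else_block)
def assigned(block):  # static analysis: every variable the block may assign
    out = set()
    for s in block:
        out |= {s[1]} if s[0] == "set" else assigned(s[3]) | assigned(s[4])
    return out

def run(block, env, tainted, pc=False, path=()):
    """Execute block, updating the tainted set in place; return the path taken."""
    for s in block:
        if s[0] == "set":
            _, var, reads, fn = s
            env[var] = fn(env)
            # Explicit flow from operands, implicit flow from a secret guard (pc).
            if pc or tainted & set(reads):
                tainted.add(var)
            else:
                tainted.discard(var)
        else:
            _, reads, fn, then_b, else_b = s
            taken = bool(fn(env))
            secret = pc or bool(tainted & set(reads))
            path = run(then_b if taken else else_b, env, tainted, secret, path + (taken,))
            if secret:  # the branch not taken also reveals the guard
                tainted |= assigned(else_b if taken else then_b)
    return path

def count_paths(block):
    n = 1
    for s in block:  # sequential ifs multiply, the two arms of one if add
        n *= count_paths(s[3]) + count_paths(s[4]) if s[0] == "if" else 1
    return n

def verdict(prog, tests, secrets, output):
    """'may leak', 'noninterfering' (all paths covered and clean), or 'unknown'."""
    seen, leak = set(), False
    for inputs in tests:
        tainted = set(secrets)
        seen.add(run(prog, dict(inputs), tainted))
        leak |= output in tainted
    return "may leak" if leak else "noninterfering" if len(seen) == count_paths(prog) else "unknown"

# Constructed programs: x := 0; if h > 0 then x := 1; if l > 0 then out := l else out := x (SAFE: 0)
SET_X = ("set", "x", [], lambda e: 0)
IF_H = ("if", ["h"], lambda e: e["h"] > 0, [("set", "x", [], lambda e: 1)], [])
OUT_L = [("set", "out", ["l"], lambda e: e["l"])]
LEAKY = [SET_X, IF_H, ("if", ["l"], lambda e: e["l"] > 0, OUT_L, [("set", "out", ["x"], lambda e: e["x"])])]
SAFE = [SET_X, IF_H, ("if", ["l"], lambda e: e["l"] > 0, OUT_L, [("set", "out", [], lambda e: 0)])]
```

With secret `h` and public `l`, tests that only exercise `l > 0` leave `LEAKY` at "unknown"; covering all four paths reports "may leak", including on the run where `h <= 0` and `x` is never reassigned.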
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Le Guernic, G. (2007). Information Flow Testing. In: Cervesato, I. (eds) Advances in Computer Science – ASIAN 2007. Computer and Network Security. ASIAN 2007. Lecture Notes in Computer Science, vol 4846. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76929-3_4
DOI: https://doi.org/10.1007/978-3-540-76929-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76927-9
Online ISBN: 978-3-540-76929-3
eBook Packages: Computer Science (R0)