JOURNAL BROWSE
Search
Advanced SearchSearch Tips
Security Analysis of Information Flow using SAT
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
  • Journal title : Journal of Digital Convergence
  • Volume 14, Issue 6,  2016, pp.253-261
  • Publisher : The Society of Digital Policy and Management
  • DOI : 10.14400/JDC.2016.14.6.253
 Title & Authors
Security Analysis of Information Flow using SAT
Kim, Je-Min; Kouh, Hoon-Joon;
  PDF(new window)
 Abstract
As many people use internet through the various programs of PC and mobile devices, the possibility of private data leak is increasing. A program should be used after checking security of information flow. Security analysis of information flow is a method that analyzes security of information flow in program. If the information flow is secure, there is no leakage of personal information. If the information flow not secure, there may be a leakage of personal information. This paper proposes a method of analyzing information flow that facilitates SAT solver. The method translates a program that includes variables where security level is set into propositional formula representing control and information flow. The satisfiability of the formula translated is determined by using SAT solver. The security of program is represented through the result. Counter-example is generated if the program is not secure.
 Keywords
Information Flow Analysis;Boolean Satisfiability Solver;Counter-Examples;Propositional Logic Formula;Static Single Assignment Form;
 Language
Korean
 Cited by
 References
1.
A. Sabelfeld and A. C. Myers, "Language-based information-flow security," IEEE J.Sel.A.Commun., vol. 21, no. 1 , pp. 5-19, Sep. 2006.

2.
R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck, "Efficiently computing static single assignment form and the control dependence graph," ACM Trans. Program. Lang. Syst., vol. 13, no. 4 , pp. 451-490, Oct. 1991. crossref(new window)

3.
Myung-Seong Yim, "Understanding the Factors that influence Website Retention and Privacy Unconcern After the Disclosure of Privacy Information," Journal of Digital convergence, The Korea Society of Digital Policy and Management, vol, 11, no 1, pp. 107-119, Jan. 2013.

4.
D. E. Denning, "A lattice model of secure information flow," Commun ACM, vol. 19, no. 5, pp. 236-243, May. 1976. crossref(new window)

5.
D. E. Denning and P. J. Denning, "Certification of programs for secure information flow," Commun ACM, vol. 20, no. 7, pp. 504-513, Jul. 1977. crossref(new window)

6.
K. G. Doh and S. C. Shin, "Detection of information leak by data flow analysis," SIGPLAN Not., vol. 37, no. 8, pp. 66-71, Aug. 2002. crossref(new window)

7.
D. M. Volpano and G. Smith, "A Type-Based Approach to Program Security," in Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development: Springer-Verlag, pp. 607-621, 1997.

8.
S. Hunt and D. Sands, "On flow-sensitive security types," SIGPLAN Not., vol. 41, no. 1, pp. 79-90, Jan. 2006. crossref(new window)

9.
Y. Liu and A. Milanova, "Static analysis for inference of explicit information flow," in Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, Atlanta, Georgia, pp. 50-56, 2008.

10.
R. Joshi and K. R. M. Leino, "A semantic approach to secure information flow," Science of Computer Programming, vol. 37, no. 1, pp. 113. 2000. crossref(new window)

11.
T. Amtoft and A. Banerjee, "A logic for information flow analysis with an application to forward slicing of simple imperative programs," Sci.Comput.Program., vol. 64, no. 1, pp. 3-28, Jan. 2007. crossref(new window)

12.
T. Amtoft and A. Banerjee, "Verification condition generation for conditional information flow," in Proceedings of the 2007 ACM workshop on Formal methods in security engineering, Fairfax, Virginia, USA, pp. 2-11, 2007.

13.
D'Silva, Vijay, Leopold Haller, and Daniel Kroening. "Satisfiability Solvers are Static Analysers," Eds. Antoine Mine and David Schmidt. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012.

14.
Gergo. Barany, "Hybrid Information Flow Analysis for Programs with Array," Workshop on Verification and Program Transformation, 2016.

15.
Ono, Masahiro, et al. "SMART: A Propositional Logic-Based Trade Analysis and Risk Assessment Tool for a Complex Mission," Aerospace Conference, IEEE , pp. 1-15, 2015.

16.
Walch, Martin, Rouven Walter, and Wolfgang Kuchlin. "Formal Analysis of the Linux Kernel Configuration with SAT Solving," in Proceedings of the 17th International Configuration Workshop. 2015.

17.
R. Sen and Y. N. Srikant. Executable analysis using abstract interpretation with circular linear progressions. In Proceedings of the Fifth IEEE/ACM International Conference on Formal Methods and Models for Codesign, pages 39-48. IEEE, 2007.

18.
Sik-Wan Cho, Won-Jun Jang, Hyung-Woo Lee, "Development of User Oriented Vulnerability Analysis Application on Smart Phone", Journal of the Korea Convergence Society, Vol. 3, No. 2, pp. 7-12, 2012.

19.
Seung-Soo Shin, "A Study on Multi-Media Contents Security Using Android Phone", Journal of the Korea Convergence Society, Vol. 3, No. 1, pp. 19-25, 2012.