Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CSFW
2010
IEEE
2010
IEEE
Dynamic vs. Static Flow-Sensitive Security Analysis
—This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flowinsensitive static analysis, which allows accepting more secure programs. It has been also shown that sound purely dynamic information-flow enforcement is more permissive than static analysis in the flow-insensitive case. We argue that the step from flow-insensitive to flow-sensitive is fundamentally limited for purely dynamic information-flow controls. We prove impossibility of a sound purely dynamic information-flow monitor that accepts programs certified by a classical flow-sensitive static analysis. A side implication is impossibility of permissive dynamic instrumented security semantics for information flow, which guides us to uncover an unsound semantics from the literature. We present a general framework for hybrid mechanisms that is param...
Real-time TrafficCSFW 2010 | Dynamic Information-flow | Security Privacy | Static Analysis | Static Information-flow Analysis |
Related Content
| Added | 15 Aug 2010 |
| Updated | 15 Aug 2010 |
| Type | Conference |
| Year | 2010 |
| Where | CSFW |
| Authors | Alejandro Russo, Andrei Sabelfeld |
Comments (0)
Researcher Info
|
