Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SIGSOFT
2008
ACM
2008
ACM
Effective blame for information-flow violations
Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current information-flow reporting techniques are inadequate for determining the cause of the error. Reasoning about information-flow errors can be difficult, as the flows involved can be quite subtle. We present a general model for information-flow blame that can explain the source of such security errors in code. This model is implemented by changing the information-flow verification procedure to: (1) generate supplementary information to reveal otherwise hidden program dependencies; (2) modify the constraint solver to construct a blame dependency graph; and (3) develop an explanation procedure that returns a complete and minimal error report. Our experiments show that information-flow errors can generally be explained and resolved by viewing only a small fraction of the total code.
Real-time TrafficInformation-flow Errors | Information-flow Reporting Techniques | Information-flow Verification Procedure | SIGSOFT 2008 | Software Engineering |
| Added | 20 Nov 2009 |
| Updated | 20 Nov 2009 |
| Type | Conference |
| Year | 2008 |
| Where | SIGSOFT |
| Authors | Dave King 0002, Trent Jaeger, Somesh Jha, Sanjit A. Seshia |
Comments (0)
Researcher Info
|
