Information Leakage Analysis of Complex C Code and Its Application to OpenSSL

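Cited by: 6
Authors
Malacaria, Pasquale [1]
Tautchning, Michael [1]
DiStefano, Dino [1]
Affiliation
[1] Queen Mary Univ London, Sch Elect Engn & Comp Sci, London, England
Funding
Engineering and Physical Sciences Research Council (UK)
Keywords
FLOW
DOI
10.1007/978-3-319-47166-2_63
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract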
The worldwide attention generated by the Heartbleed bug has demonstrated even to the general public the potentially devastating consequences of information leaks. While substantial academic work has been done in the past on information leaks, these works have so far not satisfactorily addressed the challenges of automated analysis of real-world complex C code. On the other hand, effective working solutions rely on ad-hoc principles that have little or no theoretical justification. The foremost contribution of this paper is to bridge this chasm between advanced theoretical work and concrete practical needs of programmers developing real-world software. We present an analysis, based on clear security principles and verification tools, which is largely automatic and effective in detecting information leaks in complex C code running every day on millions of systems worldwide.
Pages: 909 - 925
Number of pages: 17
Related papers
50 in total
  • [1] The minimum information principle and its application to neural code analysis
    Globerson, Amir
    Stark, Eran
    Vaadiab, Eilon
    Tishby, Naftali
    [J]. PROCEEDINGS OF THE NATIONAL ACADEMY OF SCIENCES OF THE UNITED STATES OF AMERICA, 2009, 106 (09) : 3490 - 3495
  • [2] Sensitive information leakage analysis of database code by abstract interpretation
    Jana, Angshuman
    [J]. International Journal of Security and Networks, 2023, 18 (02) : 91 - 105
  • [3] Qualitative and Quantitative Analysis of Information Leakage in Java Source Code
    Chen, Bo
    Xu, Da-wei
    Yu, Ling
    [J]. NSWCTC 2009: INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING, VOL 2, PROCEEDINGS, 2009, : 338 - 342
  • [4] Hierarchical Statistical Leakage Analysis and Its Application
    Xu, Yang
    Teich, Juergen
    [J]. ACM TRANSACTIONS ON DESIGN AUTOMATION OF ELECTRONIC SYSTEMS, 2016, 21 (04)
  • [5] Can Code Polymorphism Limit Information Leakage?
    Amarilli, Antoine
    Mueller, Sascha
    Naccache, David
    Page, Daniel
    Rauzy, Pablo
    Tunstall, Michael
    [J]. INFORMATION SECURITY THEORY AND PRACTICE: SECURITY AND PRIVACY OF MOBILE DEVICES IN WIRELESS COMMUNICATION, 2011, 6633 : 1 - 21
  • [6] Complex Delta Function and Its Information Application
    Smagin, V. A.
    [J]. AUTOMATIC CONTROL AND COMPUTER SCIENCES, 2014, 48 (01) : 10 - 16
  • [7] A Static Analysis Model for Implicit Information Leakage in Android Application
    Cao, Hongsheng
    Jiao, Jian
    Li, Denghui
    [J]. 2018 IEEE 18TH INTERNATIONAL CONFERENCE ON COMMUNICATION TECHNOLOGY (ICCT), 2018, : 1133 - 1140
  • [8] The minimum information principle and its application to neural code analysis (vol 106, pg 3490, 2009)
    Globerson, Amir
    Stark, Eran
    Vaadia, Eilon
    Tishby, Naftali
    [J]. PROCEEDINGS OF THE NATIONAL ACADEMY OF SCIENCES OF THE UNITED STATES OF AMERICA, 2009, 106 (10) : 4061 - 4061
  • [9] Complex analysis theory and its application
    Feng, TL
    Zhang, XG
    Li, YD
    Tang, DH
    Zhou, KD
    Xu, C
    [J]. STRUCTURAL ENGINEERING AND MECHANICS, VOLS 1 AND 2, 1999, : 519 - 524
  • [10] Field analysis of metallogenic information and its application
    Mao Xian-cheng
    Hu Chao
    Zhou Shang-guo
    Zhang Bao-yi
    Wang Fan-yun
    Zeng Wen-bo
    [J]. JOURNAL OF CENTRAL SOUTH UNIVERSITY OF TECHNOLOGY, 2011, 18 (01) : 196 - 207