Information Leakage Analysis of Complex C Code and Its Application to OpenSSL

Cited by: 6
Authors
Malacaria, Pasquale [1]
Tautschnig, Michael [1]
DiStefano, Dino [1]
Affiliation
[1] Queen Mary Univ London, Sch Elect Engn & Comp Sci, London, England
Funding
Engineering and Physical Sciences Research Council (UK);
Keywords
FLOW;
DOI
10.1007/978-3-319-47166-2_63
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202; 0835;
Abstract
The worldwide attention generated by the Heartbleed bug has demonstrated even to the general public the potential devastating consequences of information leaks. While substantial academic work has been done in the past on information leaks, these works have so far not satisfactorily addressed the challenges of automated analysis of real-world complex C code. On the other hand, effective working solutions rely on ad-hoc principles that have little or no theoretical justification. The foremost contribution of this paper is to bridge this chasm between advanced theoretical work and concrete practical needs of programmers developing real world software. We present an analysis, based on clear security principles and verification tools, which is largely automatic and effective in detecting information leaks in complex C code running every day on millions of systems worldwide.
Pages: 909-925
Page count: 17
Related papers
50 in total
  • [41] HyLeak: Hybrid Analysis Tool for Information Leakage
    Biondi, Fabrizio
    Kawamoto, Yusuke
    Legay, Axel
    Traonouez, Louis-Marie
    [J]. AUTOMATED TECHNOLOGY FOR VERIFICATION AND ANALYSIS (ATVA 2017), 2017, 10482 : 156 - 163
  • [42] Analysis of Information Leakage in Quantum Key Agreement
    刘胜利
    郑东
    陈克非
    [J]. Journal of Shanghai Jiaotong University(Science), 2006, (02) : 219 - 223
  • [43] Behavioural Analysis for Prevention of Intranet Information Leakage
    Manmadhan, Neenu
    Achuthan, Krishnashree
    [J]. 2014 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI), 2014, : 1535 - 1537
  • [44] Supervised Canonical Correlation Analysis and Its Application to Information Fusion
    Lei Gang
    Zhou Jiliu
    He Kun
    Zhang Jian
    [J]. INFORMATION-AN INTERNATIONAL INTERDISCIPLINARY JOURNAL, 2011, 14 (03): : 911 - 916
  • [45] SAILS: Static analysis of information leakage with sample
    Zanioli, Matteo
    Ferrara, Pietro
    Cortesi, Agostino
    [J]. Proceedings of the ACM Symposium on Applied Computing, 2012, : 1308 - 1313
  • [46] Research on Calculating Leakage Inductance of Power Transformer and its Application to Winding Deformation Analysis
    Li, Peng
    Huang, Guoqiang
    Xie, Liqiang
    Hu, Xiaojing
    [J]. 2008 CHINA INTERNATIONAL CONFERENCE ON ELECTRICITY DISTRIBUTION, VOLS 1 AND 2, 2009, : 23 - +
  • [47] Hypercollecting Semantics and Its Application to Static Analysis of Information Flow
    Assaf, Mounir
    Naumann, David A.
    Signoles, Julien
    Totel, Eric
    Tronel, Frederic
    [J]. ACM SIGPLAN NOTICES, 2017, 52 (01) : 874 - 887
  • [48] Hypercollecting semantics and its application to static analysis of information flow
    [J]. 1600, Association for Computing Machinery (52):
  • [49] Information Diffusion on Geographical Space and its Application in Risk Analysis
    Huang, Chongfu
    [J]. PROCEEDINGS OF THE 8TH ANNUAL MEETING OF RISK ANALYSIS COUNCIL OF CHINA ASSOCIATION FOR DISASTER PREVENTION (RAC 2018), 2018, 66 : 1 - 7
  • [50] The archetype generating set analysis of complex systems and its application
    Jia Ren'an
    Jia Xiaojing
    [J]. Proceedings of the 2005 Conference of System Dynamics and Management Science, Vol 1: SUSTAINABLE DEVELOPMENT OF ASIA PACIFIC, 2005, : 28 - 37