Speaker: Stephen McCamant, MIT
Date: Wednesday, 11 April
Time: talk 12-1, discussion 1-1:30 (lunch provided)
Place: Maxwell Dworkin 2nd floor lounge

Title: Quantitative Information-Flow Tracking for Type-Unsafe Languages

Abstract:
I’ll describe a new technique for determining how much information about a program’s secret inputs is revealed by its public outputs. The technique tracks programs’ use of data through arbitrary calculations using a fine-grained dynamic bit-tracking analysis, and measures the information revealed during a particular execution. The technique accounts for “implicit flows”, situations in which secret data has an indirect influence via branches or pointer operations. Two kinds of untrusted annotation, which mark independent sub-computations and compact data representations, improve the precision of the analysis. We’ve performed case studies on real C, C++, and Objective C programs of up to half a million lines of code. Our tool checked multiple security policies, including one that was violated by a previously unknown bug. I’ll also outline how a new simulation-based proof technique can be used to check that the technique soundly accounts for all flows in an execution.

This entry was posted on Wednesday, April 11th, 2007 at 10:25 am and is filed under Events. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.