TitleQuantitative information flow as network flow capacity
Publication TypeConference Paper
Year of Publication2008
AuthorsMcCamant S, Ernst MD
Conference NamePLDI 2008: Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation
Pagination193–205
Date or Month PublishedJune
Conference LocationTucson, AZ, USA
AbstractWe present a new technique for determining how much information about a program's secret inputs is revealed by its public outputs. In contrast to previous techniques based on reachability from secret inputs (tainting), it achieves a more precise quantitative result by computing a maximum flow of information between the inputs and outputs. The technique uses static control-flow regions to soundly account for implicit flows via branches and pointer operations, but operates dynamically by observing one or more program executions and giving numeric flow bounds specific to them (e.g., ``17 bits''). The maximum flow in a network also gives a minimum cut (a set of edges that separate the secret input from the output), which can be used to efficiently check that the same policy is satisfied on future executions. We performed case studies on 5 real C, C++, and Objective C programs, 3 of which had more than 250K lines of code. The tool checked multiple security policies, including one that was violated by a previously unknown bug.
Downloadshttps://people.csail.mit.edu/smcc/projects/secret-flow/flowcheck.html Flowcheck implementation https://groups.csail.mit.edu/pag/pubs/secret-max-flow-pldi2008.pdf PDF
Citation KeyMcCamantE2008