| Abstract | We present a new approach for tracking programs' use of data through arbitrary calculations, to determine how much information about secret inputs is revealed by public outputs. Using a fine-grained dynamic bit-tracking analysis, the technique measures the information revealed during a particular execution. The technique accounts for indirect flows, e.g. via branches and pointer operations. Two kinds of untrusted annotation improve the precision of the analysis. An implementation of the technique based on dynamic binary translation is demonstrated on real C, C++, and Objective C programs of up to half a million lines of code. In case studies, the tool checked multiple security policies, including one that was violated by a previously unknown bug. |
