Results 1 - 10 of 1,274
Dynamic vs. static flow-sensitive security analysis
, 2010
"... This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure program ..."
Cited by 63 (14 self)
This paper seeks to answer fundamental questions about trade-offs between static and dynamic security analysis. It has been previously shown that flow-sensitive static information-flow analysis is a natural generalization of flow-insensitive static analysis, which allows accepting more secure
JFlow: Practical mostly-static information flow control.
- In Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages,
, 1999
"... A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too res ..."
Cited by 584 (33 self)
A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too
Position paper: Static flow-sensitive & context-sensitive information-flow analysis for software product lines
- Workshop on Programming Languages and Analysis for Security (PLAS 2012)
, 2012
"... A software product line encodes a potentially large variety of software products as variants of some common code base, e.g., through the use of #ifdef statements or other forms of conditional compilation. Traditional information-flow analyses cannot cope with such constructs. Hence, to check for po ..."
Cited by 6 (3 self)
product lines in one single pass, without having to generate individual products from the product line. Executing the analysis on the product line promises to be orders of magnitude faster than analyzing products individually. We discuss the design of our information-flow analysis and our ongoing
Static analysis for efficient hybrid information-flow control
, 2011
"... Hybrid information-flow monitors use a combination of static analysis and dynamic mechanisms to provide precise strong information security guarantees. However, unlike purely static mechanisms for information security, hybrid information-flow monitors incur run-time overhead. We show how static ana ..."
Cited by 15 (2 self)
Hybrid information-flow monitors use a combination of static analysis and dynamic mechanisms to provide precise strong information security guarantees. However, unlike purely static mechanisms for information security, hybrid information-flow monitors incur run-time overhead. We show how static
Flow-Sensitive Type Analysis for C++
- RESEARCH REPORT RC 20267, IBM T. J. WATSON RESEARCH CENTER
, 1995
"... Static determination of run-time types is a key analysis step for compile-time optimizations of object-oriented languages with dynamic dispatch of functions. Type information is fundamental for determining the virtual functions that can be invoked and enables a number of interprocedural analyses and ..."
Cited by 21 (0 self)
. In this paper, we show how an existing flow-sensitive pointer alias analysis that uses a compact representation can be adapted to provide a type analysis algorithm which computes type information in a lazy fashion, thereby incurring minimal additional overhead. We show that use of the type information as soon
Flow-sensitive static optimizations for runtime monitors.
, 2007
"... Runtime monitoring enables developers to specify code that executes whenever certain sequences of events occur during program execution. Tracematches, a Java language extension, permit developers to specify and execute runtime monitors. Tracematches consist of regular expressions over even ..."
Cited by 4 (1 self)
well in most cases, more difficult cases with large overheads remained. In this paper, we propose three novel intraprocedural optimizations with the goal of eliminating the overhead from runtime monitors. Our optimizations rely on flow-sensitivity and precise local may-alias and must-alias information
Boosting the permissiveness of dynamic information-flow tracking by testing
, 2012
"... Tracking information flow in dynamic languages remains an open challenge. It might seem natural to address the challenge by runtime monitoring. However, there are well-known fundamental limits of dynamic flow-sensitive tracking of information flow, where paths not taken in a given execution contrib ..."
Cited by 15 (4 self)
coverage is provided by the testing. Further, we show that when the mechanism has discovered the necessary annotations, then we have an accuracy guarantee: the results of monitoring a program are at least as accurate as flow-sensitive static analysis. We illustrate our approach for a simple imperative
Intrusion Detection via Static Analysis
, 2001
"... One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The resul ..."
Cited by 352 (1 self)
One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior
General Flow-Sensitive Pointer Analysis and Call Graph
"... Pointer analysis is a well known, widely used and very important static program analyzing technique. After having studied the literature in this field of research we found that most of the methods approach the problem in a flow-insensitive way, i.e. they omit the use of the control-flow in ..."
information. Our goal was to develop a technique that is flow-sensitive and can be used in the analysis of large programs. During this process we have found that our method can give more accurate results if we build the call graph and compute the pointer information at the same time. In this paper we present
Information-Flow Analysis of Android Applications in DroidSafe
"... We present DroidSafe, a static information flow analysis tool that reports potential leaks of sensitive information in Android applications. DroidSafe combines a comprehensive, accurate, and precise model of the Android runtime with static analysis design decisions that enable the DroidSafe ..."
We present DroidSafe, a static information flow analysis tool that reports potential leaks of sensitive information in Android applications. DroidSafe combines a comprehensive, accurate, and precise model of the Android runtime with static analysis design decisions that enable the Droid