| dc.contributor.advisor |
Michael Ernst |
|
| dc.contributor.author |
McCamant, Stephen |
|
| dc.contributor.author |
Ernst, Michael D. |
|
| dc.contributor.other |
Program Analysis |
|
| dc.date.accessioned |
2006-11-17T11:12:32Z |
|
| dc.date.available |
2006-11-17T11:12:32Z |
|
| dc.date.issued |
2006-11-17 |
|
| dc.identifier.other |
MIT-CSAIL-TR-2006-076 |
|
| dc.identifier.uri |
http://hdl.handle.net/1721.1/34892 |
|
| dc.description.abstract |
We present a new approach for tracking programs' use of data througharbitrary calculations, to determine how much information about secretinputs is revealed by public outputs. Using a fine-grained dynamicbit-tracking analysis, the technique measures the information revealedduring a particular execution. The technique accounts for indirectflows, e.g. via branches and pointer operations. Two kinds ofuntrusted annotation improve the precision of the analysis. Animplementation of the technique based on dynamic binary translation isdemonstrated on real C, C++, and Objective C programs of up to half amillion lines of code. In case studies, the tool checked multiplesecurity policies, including one that was violated by a previouslyunknown bug. |
|
| dc.description.provenance |
Made available in DSpace on 2006-11-17T11:12:32Z (GMT). No. of bitstreams: 2
MIT-CSAIL-TR-2006-076.pdf: 450616 bytes, checksum: 227cfee58125db9fae0e1e122b59042c (MD5)
MIT-CSAIL-TR-2006-076.ps: 1216950 bytes, checksum: 21c7b99a6b052f6d92e5d6d25396dc32 (MD5)
Previous issue date: 2006-11-17 |
en |
| dc.format.extent |
18 p. |
|
| dc.format.extent |
450616 bytes |
|
| dc.format.extent |
1216950 bytes |
|
| dc.format.mimetype |
application/pdf |
|
| dc.format.mimetype |
application/postscript |
|
| dc.language.iso |
en_US |
|
| dc.relation.ispartofseries |
Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory |
|
| dc.subject |
Confidentiality |
|
| dc.subject |
Privacy |
|
| dc.subject |
Information disclosure |
|
| dc.subject |
Tainting |
|
| dc.subject |
Implicit flows |
|
| dc.subject |
Valgrind |
|
| dc.subject |
Memcheck |
|
| dc.subject |
OpenSSH |
|
| dc.title |
Quantitative Information-Flow Tracking for C and Related Languages |
|
