ABSTRACT
Information Flow Control (IFC) tools are a common way to analyze source code with the goal of finding confidentiality or integrity violations for sensitive information. Therefore, to correctly protect such information (e.g., passwords), it is important to choose the most suitable tool for each target software system. In this context, we evaluate precision, recall, and accuracy for three open-source IFC tools for Java-written systems. We also check whether these tools are useful to protect sensitive information of real systems. First, we execute these tools against test cases of the SecuriBench Micro benchmark built for this purpose. Then, we run the three selected IFC tools (JOANA, PIDGIN, and FlowDroid) to assess whether they are able to detect violations of rules we define for each real system. Our results show that JOANA and PIDGIN outperform FlowDroid regarding precision, recall, and accuracy. Furthermore, the execution of JOANA and PIDGIN allows us to find eight confidentiality and integrity violations in the target systems. We registered these violations as issues on those projects. Our results also demonstrate that JOANA is faster than PIDGIN. Finally, we provide some discussion for developers on which IFC tool fits better when dealing with sensitive information in software systems.
Index Terms
- A Comparative Analysis Between Information Flow Control Tools for Java-written systems