This project develops a highly precise information flow control (IFC) analysis for distributed, concurrent programs and mobile components. The analysis is based on program dependence graphs (PDGs), dynamic pushdown networks, and automatic inference of invariants. The analysis is flow-, context-, object-, field-, time-, and lock-sensitive. In phase 1 and phase 2, a compositional PDG-based analysis for concurrent Java software components and Android apps was developed. Analysis precision was improved by dynamic pushdown networks, and we are on the way towards integrating invariant inference to increase precision even further. A new "RLSOD" algorithm was found, which guarantees probabilistic noninterference for full Java and avoids problems of earlier LSOD approaches. RLSOD is integrated into the JOANA IFC system, which was developed in Snelting's group and is used in many RS3 projects. In phase 3, RLSOD will be extended to distributed systems with message passing. Message passing poses new challenges, which have not yet been solved in the literature. We will develop an adequate noninterference criterion and algorithm for distributed systems, and integrate it into JOANA. To further increase precision, the new approach of "data flow slicing" is introduced, which combines PDGs and invariant inference. JOANA will also be used in various RS3 scenarios, such as the "secure app store". The project is performed in cooperation with the group of Prof. Gregor Snelting from Karlsruhe Institute of Technology and is part of Priority Programme 1496 "Reliably Secure Software Systems - RS3" funded by the DFG (Deutsche Forschungsgemeinschaft).
Müller-Olm, Markus | Professorship for practical computer science (Prof. Müller-Olm)
Nordhoff, Benedikt | Professorship for practical computer science (Prof. Müller-Olm)
Wenner, Alexander | Professorship for practical computer science (Prof. Müller-Olm)