Abstract interpretation-based approaches to Security - A Survey on Abstract Non-Interference and its Challenging Applications

TL;DR

This survey explores the framework of abstract non-interference in security, formalizing its concepts and demonstrating its applicability to language-based security, code injection, and obfuscation challenges.

Contribution

It introduces a general formalization of abstract non-interference through three dimensions and shows its relevance to existing security policies and complex security problems.

Findings

Unified framework for abstract non-interference

Application to language-based security policies

Potential solutions for code injection and obfuscation

Abstract

In this paper we provide a survey on the framework of abstract non-interference. In particular, we describe a general formalization of abstract non-interference by means of three dimensions (observation, protection and semantics) that can be instantiated in order to obtain well known or even new weakened non-interference properties. Then, we show that the notions of abstract non-interference introduced in language-based security are instances of this more general framework which allows to better understand the different components of a non-interference policy. Finally, we consider two challenging research fields concerning security where abstract non-interference seems a promising approach providing new perspectives and new solutions to open problems: Code injection and code obfuscation.