Hybrid Information Flow Analysis for Programs with Arrays

TL;DR

This paper extends hybrid information flow analysis to handle arrays and pointers in C, enabling precise tracking of data leaks through complex data structures with a prototype implementation and ongoing formal correctness proof.

Contribution

It introduces a novel extension of hybrid information flow analysis that manages arrays and pointers, improving precision and efficiency over previous scalar-only approaches.

Findings

Precise tracking of information flow through arrays of pointers.

Efficient summarization of arrays of non-pointer types.

Prototype implementation in Frama-C demonstrating practical applicability.

Abstract

Information flow analysis checks whether certain pieces of (confidential) data may affect the results of computations in unwanted ways and thus leak information. Dynamic information flow analysis adds instrumentation code to the target software to track flows at run time and raise alarms if a flow policy is violated; hybrid analyses combine this with preliminary static analysis. Using a subset of C as the target language, we extend previous work on hybrid information flow analysis that handled pointers to scalars. Our extended formulation handles arrays, pointers to array elements, and pointer arithmetic. Information flow through arrays of pointers is tracked precisely while arrays of non-pointer types are summarized efficiently. A prototype of our approach is implemented using the Frama-C program analysis and transformation framework. Work on a full machine-checked proof of the correctness of our approach using Isabelle/HOL is well underway; we present the existing parts and sketch the rest of the correctness argument.