Symbolic Abstract Heaps for Polymorphic Information-flow Guard Inference (Extended Version)

TL;DR

This paper introduces a symbolic heap abstraction for sound, flow-sensitive information-flow analysis in object-oriented programs, enabling precise inference of polymorphic guards with adjustable precision levels.

Contribution

It presents a novel symbolic heap abstraction approach that supports flow-sensitive modeling and automatic guard inference, with multiple relation families for customizable precision.

Findings

Proves soundness of the proposed heap abstraction.

Demonstrates improved precision and scalability on benchmarks.

Provides a flexible framework for information-flow guard inference.

Abstract

In the realm of sound object-oriented program analyses for information-flow control, very few approaches adopt flow-sensitive abstractions of the heap that enable a precise modeling of implicit flows. To tackle this challenge, we advance a new symbolic abstraction approach for modeling the heap in Java-like programs. We use a store-less representation that is parameterized with a family of relations among references to offer various levels of precision based on user preferences. This enables us to automatically infer polymorphic information-flow guards for methods via a co-reachability analysis of a symbolic finite-state system. We instantiate the heap abstraction with three different families of relations. We prove the soundness of our approach and compare the precision and scalability obtained with each instantiated heap domain by using the IFSpec benchmarks and real-life applications.