Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Engineering Research Group, Graduate School of Engineering Science, Osaka University Analysis and Implementation Method of Program to Detect Inappropriate.

Published byJoy Grant Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Engineering Research Group, Graduate School of Engineering Science, Osaka University Analysis and Implementation Method of Program to Detect Inappropriate."— Presentation transcript:

1 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University Analysis and Implementation Method of Program to Detect Inappropriate Information Leak Reishi Yokomori †, Fumiaki Ohata †, Yoshiaki Takata ‡, Hiroyuki Seki ‡ and Katsuro Inoue † † † Graduate School of Engineering Science, Osaka University, ‡ Graduate School of Information Science, Nana Institute of Science and Technology

2 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20012 Program slice Program slice: a set of all the statements that affect the value of the variable of a certain statement in a program. The main directions of a program slice Debugging support Testing maintenance program composition Calculation of a Program slice has a common method using Program Dependence Graph (PDG).

3 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20013 Program Dependence Graph Program Dependence Graph (PDG) PDG : Graph about definition / reference relation between the variables of a program Node Statement Edge Dependency –Data Dependence (DD) –Control Dependence (CD) 1: readln( a); 2: readln( b); 3: readln( c); 4: if c < 0 then 5: a := 2; 6: println(a) ; Nodes which can reach by traversing edges from a slice criterion are included in the Slice 1: readln( a); 5: a := 2; 3: readln( c); 4: if c < 0 then 6: println(a) ; a 1 2 4 3 5 6 a c a 1 2 4 3 5 6 a c a 1 2 4 3 5 6 a c

4 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20014 Security Analysis For the purpose of prevention of the information leak by the execution of a program, Security analysis is proposed. Kuninobu’s algorithm † Information Flow Analysis Algorithm Algorithm which investigates where the program outputs confidential information From Security Class ( SC) of the each input value, by using Information Flow, Security Class ( SC) of the each output value is calculated. Analysis based on repetition calculation of simultaneous equations † Shigeta Kuninobu, Yoshiaki Takata, Hiroyuki Seki, Katsuro Inoue: "An Efficient Information Flow Analysis of Recursive Programs based on a Lattice Model of Security Classes", Proceedings of Third International Conference on Information and Communications Security (ICICS 2001), Lecture Notes in Computer Science 2229, pp.292-303,Xian, China, Nov. 2001

5 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20015 Security Class ( SC) The degree of secrecy which the data has. The strength relation is expressed by lattice structure. Henceforth, I express SC with two values. SC ={ high, low } high: Information which should be protected low: Information without the necessity of protecting operation of SC sum : the least upper bound of SCs (Example : low + high = high) product : the greatest lower bound of SCs (Example : low × high = low)

6 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20016 Information Flow The data transfer relation which exists between the variables in a program explicit flow relationship between a definition / reference of a variable. implicit flow relationship between variables referred to at condition clause of a branch (repetition) command / variables defined at its internal statement. 1: b = 5; 2: c = 5; 3: if ( c > 0 ) { 4: a = b; 5: }

7 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20017 Example of Analysis SC for each statement in the program is calculated based on information flow. 1: void method(int a,int b, int c) { 2: int d = a + b + c; 3: if ( c > 0 ) { 4: a = b; 5: } 6: printf(“%s\n”, a); 7: }

8 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20018 Purpose of Study Security Analysis method was proposed by Kuninobu,but no implementation has been yet made. The approaches for slicing is closely related to the security analysis. Implementation a prototype system of the information security analysis algorithm. Realization of Security analysis as an example of application of a slice.

9 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 20019 Implementation of Information Flow Analysis Algorithm (1/2) The approaches for slicing is closely related to the security analysis. The plan of Implementation Analysis based on the technique of PDG-creation explicit flow (implicit flow) is made to correspond to DD (CD). explicit flow Program Slice Security Analysis PDG simultaneous equations implicit flow DDCD Information flow Dependency Analysis method RelationshipImplementation Technique of PDG-creation Dependency based on the Information flow

10 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200110 Implementation of Information Flow Analysis Algorithm (2/2) The Implementation method Analysis based on the technique of PDG-creation procedure 1.SC is set up about the each input value of a program 2.SCset is built for every procedure. SCset: the set of SC of each variable which has at each analysis point. The element of SCset: {variable, SC} 3.According to the order of execution of a program statement, SCset is updated by its updating algorithm. Analysis is repeated until the result is stabilized. 4.SC of the each output value is obtained.

11 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200111 The Example of Analysis Analysis of procedure test procedure swap(var integer a,b); begin temp:= a; a:=b; b :=temp; end; procedure test; begin readln(a); ← high readln(b); ← low swap(a,b); writeln(a); writeln(b); end. SCset is built from variables used within procedure before analysis. SCset = { (a, low),(b, low) } SCset is built from variables used within procedure before analysis. SCset = { (a, low),(b, low) } Analysis is performed according to the order of execution. SCset = { (a, low),(b, low) } SCset = { (a, high),(b, low) } (After analysis of statement “ readln(a);” ) Analysis is performed according to the order of execution. SCset = { (a, low),(b, low) } SCset = { (a, high),(b, low) } (After analysis of statement “ readln(a);” ) Analysis is performed according to the order of execution. SCset = { (a, high ),(b, low) } (After analysis of statement “ readln(b);” ) Analysis is performed according to the order of execution. SCset = { (a, high ),(b, low) } (After analysis of statement “ readln(b);” ) The SCset of procedure ‘ swap ’ is built. SCset = { (a, high),(b, low) } SCset = { (a, high), ( b, low), ( temp, low) } (Before analysis of statement “ temp:= a;” ) The SCset of procedure ‘ swap ’ is built. SCset = { (a, high),(b, low) } SCset = { (a, high), ( b, low), ( temp, low) } (Before analysis of statement “ temp:= a;” ) The procedure ‘ swap ’ is analyzed. SCset = { (a, high), ( b, low), ( temp, low) } SCset = { (a, high), ( b, low), ( temp, high) } (After analysis of statement “ temp:= a;” ) The procedure ‘ swap ’ is analyzed. SCset = { (a, high), ( b, low), ( temp, low) } SCset = { (a, high), ( b, low), ( temp, high) } (After analysis of statement “ temp:= a;” ) The procedure ‘ swap ’ is analyzed. SCset = { (a, high), ( b, low), ( temp, high) } SCset = { (a, low), ( b, low), ( temp, high) } (After analysis of statement “ a:= b;” ) The procedure ‘ swap ’ is analyzed. SCset = { (a, high), ( b, low), ( temp, high) } SCset = { (a, low), ( b, low), ( temp, high) } (After analysis of statement “ a:= b;” ) The procedure ‘ swap ’ is analyzed. SCset = { (a, low), ( b, low), ( temp, high) } SCset = { (a, low), ( b, high), ( temp, high) } (After analysis of statement “ b:= temp;” ) The procedure ‘ swap ’ is analyzed. SCset = { (a, low), ( b, low), ( temp, high) } SCset = { (a, low), ( b, high), ( temp, high) } (After analysis of statement “ b:= temp;” ) The result of analysis is made to reflected in ‘ test ’. SCset = {(a, low), ( b, high), ( temp, high)} SCset = {(a, low), ( b, high)} (After analysis of statement “ swap(a,b);” ) The result of analysis is made to reflected in ‘ test ’. SCset = {(a, low), ( b, high), ( temp, high)} SCset = {(a, low), ( b, high)} (After analysis of statement “ swap(a,b);” ) The sum of SC of the variable referred to is calculated. SCset = { (a, low),(b, high) } The sum of SC of the variable referred to is calculated. SCset = { (a, low),(b, high) } SC of ‘ writeln(a)’ is low SC of ‘ writeln(b)’ is high.

12 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200112 Security Analysis Tool (1/2) Object language: Pascal programs A pointer and a structure object are not taken into consideration. Implementation of prototype tool: The tool is realized in the form of the functional addition to Osaka Slicing System, which is a slicing tool. An additional part is described by C language. (about 1,000 statements)

13 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200113 Security Analysis Tool (2/2) Analysis procedure: 1.Syntactic analysis,and semantic analysis Information required for analysis is extracted. 2.The precondition of the analysis is set up. SC about the input value of a program 3.Analysis is performed on the precondition. SC of the each output value is obtained. 4.The statements with high SC are emphasis- displayed.

14 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200114 The example of application The reservation system of ticket (500 statements) The module which certify a credit card number is attached. The Analysis is performed by giving high SC to the input about a credit card number. certification failure certification reservation success fail reservation failure reservation result Credit card number successfail

15 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200115 The example of application (Analysis result) 35 output statements of 36 output statements have high SC. statements with high SC are widely embedded in the reservation module The information flow to the reservation module from a card number exists. "any possible action in the reservation" implies "a success of credit card certification." certification failure certification reservation success fail reservation failure reservation result Credit card number successfail certification failure certification reservation success fail reservation failure reservation result Credit card number successfail

16 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200116 The example of application change of the structure of the program The system handles the reservation before the certification of a credit card. Result Only SC of the output statement about certification is high. SC of the output statement of the reservation module is low. the information flow from a card number to the reservation module disappeared. certification reservation successfail reservation failure Credit card number success reservation result fail certification failure certification result certification reservation successfail reservation failure Credit card number success reservation result fail certification failure certification result

17 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200117 Conclusion we proposed the implementation method of the security analysis algorithm. Realization of Security analysis as an example of application of Program Slice. information flow and security class Analysis based on the technique of PDG- creation Realization of a security analysis tool The validity to the safety check of a program was verified.

18 Software Engineering Research Group, Graduate School of Engineering Science, Osaka University APAQS 200118

Download ppt "Software Engineering Research Group, Graduate School of Engineering Science, Osaka University Analysis and Implementation Method of Program to Detect Inappropriate."

Similar presentations

Chapter 14 Software Testing Techniques - Testing fundamentals - White-box testing - Black-box testing - Object-oriented testing methods (Source: Pressman,

Chapter 14 Software Testing Techniques - Testing fundamentals - White-box testing - Black-box testing - Object-oriented testing methods (Source: Pressman,
Overview Structural Testing Introduction – General Concepts

Overview Structural Testing Introduction – General Concepts
A Survey of Program Slicing Techniques A Survey of Program Slicing Techniques Sections 3.1,3.6 Swathy Shankar 1000808953.

A Survey of Program Slicing Techniques A Survey of Program Slicing Techniques Sections 3.1,3.6 Swathy Shankar
Program Slicing – Based Techniques

Program Slicing – Based Techniques
Slicing Methods Using Static and Dynamic Information Yoshiyuki Ashida, Fumiaki Ohata, † † † ‡ †‡ Katsuro Inoue Osaka University Nara Institute of Science.

Slicing Methods Using Static and Dynamic Information Yoshiyuki Ashida, Fumiaki Ohata, † † † ‡ †‡ Katsuro Inoue Osaka University Nara Institute of Science.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.

Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
 Program Slicing 1001024238 Long Li. Program Slicing ? It is an important way to help developers and maintainers to understand and analyze the structure.

 Program Slicing Long Li. Program Slicing ? It is an important way to help developers and maintainers to understand and analyze the structure.
Mushtaq Raza Mushtaq Raza MAP-i Doctoral MAP-i Doctoral Student, 2011-2012 Student, 2011-2012.

Mushtaq Raza Mushtaq Raza MAP-i Doctoral MAP-i Doctoral Student, Student,
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.

1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.
Introduction to Program Slicing Presenter: M. Amin Alipour Software Design Laboratory

Introduction to Program Slicing Presenter: M. Amin Alipour Software Design Laboratory
Chapter 2- Visual Basic Schneider1 Chapter 2 Problem Solving.

Chapter 2- Visual Basic Schneider1 Chapter 2 Problem Solving.
Python Programming: An Introduction to Computer Science

Python Programming: An Introduction to Computer Science
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Data Flow Analysis 1 15-411 Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.

Data Flow Analysis Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.
Program Representations Xiangyu Zhang. CS590Z Software Defect Analysis Program Representations  Static program representations Abstract syntax tree;

Program Representations Xiangyu Zhang. CS590Z Software Defect Analysis Program Representations  Static program representations Abstract syntax tree;
 2003 Prentice Hall, Inc. All rights reserved. 1 Chapter 3 - Functions Outline 3.12Recursion 3.13Example Using Recursion: The Fibonacci Series 3.14Recursion.

 2003 Prentice Hall, Inc. All rights reserved. 1 Chapter 3 - Functions Outline 3.12Recursion 3.13Example Using Recursion: The Fibonacci Series 3.14Recursion.
Data Flow Analysis 4 15-411 Compiler Design Nov. 8, 2005.

Data Flow Analysis Compiler Design Nov. 8, 2005.

Similar presentations

Ads by Google