A Translator with a Security Static Analysis Feature of an Information Flow for a Simple Programming Language

We consider while-language programs with variables of two security types: low and high. Security static analysis of information flows of such programs identifies insecure information flows which can cause leaks. Semantic rules of such an analysis which was proposed in [6] assign security types for expressions, operators and compositions of operators. We use these rules to propose an algorithm of security static analysis to discover a security type of the program under consideration. If such a type can be assigned, information flows of the program are secure; otherwise, it contains insecure information flows. We have used flex and bison [5] tools to implement a translator for a while-language into the MMIX computer [2] instruction sequence.

language security, static analysis, information flow

1. Девянин П. Н. Модели безопасности компьютерных систем: Учебное пособие для студентов высших учебных заведений. М.: Академия, 2005. 144 c. [Devyanin P. N. Modeli bezopasnosti kompjuternyx sistem: Uchebnoe posobie dlja studentov vysshix uchebnyx zavedenii. M.: Akademija, 2005. 144 p. (in Russian)].

2. Кнут Д. Искусство программирования. MMIX — RISC-компьютер для нового тысячелетия. Т. 1, вып. 1. М.: Вильямс. 160 c. (English ed.: Knuth D. E. The Art of Computer Programming. MMIX — A RISC Computer for the New Millenium. Vol. 1, Fascile 1. Addison-Wesley Professional, 2005. 144 p.)

3. Grune D., Jacobs C.J.H. Parsing Techniques. A Practical Guide. 2nd ed. Springer, 2008. 664 p.

4. Hoare C.A.R. An Axiomatic Basis for Computer Programming // Communications of the ACM. 1969. Vol. 12, Issue 10. P. 576–580.

5. Levine J. flex & bison. O’Reilly Media. 2009. 292 p.

6. Sabelfeld A., Myers A.C. Language-Based Information-Flow Security // IEEE Journal on Selected Areas in Communications. 2003. Vol. 21. P. 5–19.

7. SWHILE — while-language translator with security types // WWW: https://bitbucket.org/kafti/swhile. Дата доступа: 22.04.2014.