A Translator with a Security Static Analysis Feature of an Information Flow for a Simple Programming Language
https://doi.org/10.18255/1818-1015-2014-4-5-12
Abstract
We consider while-language programs with variables of two security types: low and high. Security static analysis of information flows of such programs identifies insecure information flows which can cause leaks. Semantic rules of such an analysis which was proposed in [6] assign security types for expressions, operators and compositions of operators. We use these rules to propose an algorithm of security static analysis to discover a security type of the program under consideration. If such a type can be assigned, information flows of the program are secure; otherwise, it contains insecure information flows. We have used flex and bison [5] tools to implement a translator for a while-language into the MMIX computer [2] instruction sequence.
About the Authors
E. Ju. Antoshina
P.G. Demidov Yaroslavl State University
Russian Federation
Russian Federation
магистрант, Sovetskaya str., 14, Yaroslavl, 150000, Russia
A. N. Barakova
P.G. Demidov Yaroslavl State University
Russian Federation
магистрант, Sovetskaya str., 14, Yaroslavl, 150000, Russia
Russian Federation
магистрант, Sovetskaya str., 14, Yaroslavl, 150000, Russia
E. S. Nikitin
P.G. Demidov Yaroslavl State University
Russian Federation
студент, Sovetskaya str., 14, Yaroslavl, 150000, Russia
Russian Federation
студент, Sovetskaya str., 14, Yaroslavl, 150000, Russia
D. Ju. Chalyy
P.G. Demidov Yaroslavl State University
Russian Federation
доцент, Sovetskaya str., 14, Yaroslavl, 150000, Russia
Russian Federation
доцент, Sovetskaya str., 14, Yaroslavl, 150000, Russia
References
1. Девянин П. Н. Модели безопасности компьютерных систем: Учебное пособие для студентов высших учебных заведений. М.: Академия, 2005. 144 c. [Devyanin P. N. Modeli bezopasnosti kompjuternyx sistem: Uchebnoe posobie dlja studentov vysshix uchebnyx zavedenii. M.: Akademija, 2005. 144 p. (in Russian)].
2. Кнут Д. Искусство программирования. MMIX — RISC-компьютер для нового тысячелетия. Т. 1, вып. 1. М.: Вильямс. 160 c. (English ed.: Knuth D. E. The Art of Computer Programming. MMIX — A RISC Computer for the New Millenium. Vol. 1, Fascile 1. Addison-Wesley Professional, 2005. 144 p.)
3. Grune D., Jacobs C.J.H. Parsing Techniques. A Practical Guide. 2nd ed. Springer, 2008. 664 p.
4. Hoare C.A.R. An Axiomatic Basis for Computer Programming // Communications of the ACM. 1969. Vol. 12, Issue 10. P. 576–580.
5. Levine J. flex & bison. O’Reilly Media. 2009. 292 p.
6. Sabelfeld A., Myers A.C. Language-Based Information-Flow Security // IEEE Journal on Selected Areas in Communications. 2003. Vol. 21. P. 5–19.
7. SWHILE — while-language translator with security types // WWW: https://bitbucket.org/kafti/swhile. Дата доступа: 22.04.2014.
Review
For citations:
Antoshina E.J., Barakova A.N., Nikitin E.S., Chalyy D.J. A Translator with a Security Static Analysis Feature of an Information Flow for a Simple Programming Language. Modeling and Analysis of Information Systems. 2014;21(4):5-12. (In Russ.) https://doi.org/10.18255/1818-1015-2014-4-5-12
Views:
970
Email this article 