CSAIL Event Calendar: Previous Series

Thesis Defense: Stephen McCamant, "Quantitative Information-Flow Tracking for Real Systems"

Speaker: Stephen McCamant, MIT EECS / CSAIL
Date: May 8 2008
Time: 10:00AM to 11:00AM
Location: 32-G575
Host: Stephen McCamant, MIT EECS / CSAIL

Contact: Stephen McCamant, 3-2323, smcc@csail.mit.edu

Abstract:

An information-flow security policy constrains a computer system's
end-to-end use of information, even as it is transformed in
computation. For instance, a policy would not just restrict what
secret data could be revealed directly, but restrict any output that
might allow inferences about the secret.

This thesis describes a family of new techniques for measuring how
much information about a program's secret inputs is revealed by its
public outputs on a particular execution, in order to check a
quantitative information-flow policy on realistic systems. Our
approach builds on dynamic tainting, tracking at runtime which bits
might contain secret information, and also uses static control-flow
regions to soundly account for implicit flows via branches and pointer
operations. We introduce a new graph model that bounds information
flow by the maximum flow between inputs and outputs in a flow network
representation of an execution. The flow bounds obtained with maximum
flow are much more precise than those based on tainting alone (which
is equivalent to graph reachability).

We describe an implementation named Flowcheck, built using the
Valgrind framework for x86/Linux binaries, and use it to perform case
studies on six real C, C++, and Objective C programs, three of which
have more than 250,000 lines of code. The tool's results either
verified that the information was appropriately kept secret on the
examined executions, or revealed unacceptable leaks, in one case due
to a previously unknown bug.
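
As an added illustration of the graph model in the abstract (this is not Flowcheck code and not taken from the thesis), the Python sketch below compares the tainting bound with the maximum-flow bound on a small constructed execution graph. The node names, the edge capacities in bits, and the 1-bit edge for a branch are assumptions of the example.

```python
from collections import defaultdict, deque

# Constructed execution graph: (from, to, capacity in bits). Hypothetical names.
EDGES = [
    ("secret", "x", 32),     # 32-bit secret input is read
    ("x", "low8", 8),        # x & 0xff keeps only 8 bits
    ("low8", "y", 8),        # y is a 32-bit word computed from low8 alone
    ("y", "output", 32),     # y is written to the public output
    ("x", "sign", 1),        # branch on the sign of x, modeled as 1 bit
    ("sign", "flag", 1),     # a flag byte is set inside that branch
    ("flag", "output", 8),   # the flag byte is written to the public output
]

def taint_bound(edges, source, sink):
    """Tainting alone: every output reachable from the secret counts in full."""
    succ = defaultdict(list)
    for u, v, _ in edges:
        succ[u].append(v)
    seen, stack = {source}, [source]
    while stack:
        for v in succ[stack.pop()]:
            if v not in seen:
                seen.add(v)
                stack.append(v)
    return sum(c for u, v, c in edges if v == sink and u in seen)

def max_flow(edges, source, sink):
    """Edmonds-Karp maximum flow; the result is the leak bound in bits."""
    cap = defaultdict(lambda: defaultdict(int))
    for u, v, c in edges:
        cap[u][v] += c
        cap[v][u] += 0                      # make the residual back-edge exist
    total = 0
    while True:
        parent, queue = {source: None}, deque([source])
        while queue and sink not in parent:  # BFS for a shortest augmenting path
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if sink not in parent:
            return total
        path, v = [], sink
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(cap[u][v] for u, v in path)
        for u, v in path:
            cap[u][v] -= push
            cap[v][u] += push
        total += push
```

On this graph, reachability reports all 40 output bits as tainted, while the maximum flow is limited by the 8-bit and 1-bit bottlenecks to 9 bits.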

Thesis Committee:
Prof. Michael D. Ernst, MIT EECS / CSAIL (supervisor)
Prof. Barbara Liskov, MIT EECS / CSAIL
Prof. Robert Morris, MIT EECS / CSAIL
