Author: Scott Moore

Title: 

Discovering Security Guarantees via Program Dependence Graphs

Abstract:

Many computer applications store and compute with sensitive
information. Sensitive information—both confidential and
untrusted—must be treated carefully: confidential infor- mation must
not be inappropriately released, and the use of untrusted information
must not corrupt trusted computation, or allow an adversary
inappropriate control of the system. However, it is difficult for
developers to use current tools and techniques to understand how their
program manipulates information. Current tools and techniques are
typically focused on the enforcement of security policies that the
developer must explicitly specify. 
We present PIDGIN, a program analysis and under- standing tool that
allows developers to discover the security guarantees their
application satisfies, and then decide whether those guarantees are
sufficient given the application’s requirements. PIDGIN uses
program-dependence graphs (PDGs) to precisely and intuitively capture
the information flows within a program. Using PIDGIN, a developer may
interactively query a program’s PDG to discover expressive, precise,
and application-specific summaries of potentially dangerous
information flows within a program. These summaries provide security
guarantees about how the application handles sensitive data.