| 摘要 |
The present invention relates to a system for information flow security inference through program slicing. In operation, the system receives an information flow security policy for source code security, refines the information flow security policy, and analyzes the source code to provide refinements as constraints, such that if there is a source code violation of the constraints, the source code is identified for inspection and removal. |
| 主权项 |
1. A computer implemented method for information flow security inference through program slicing, the method comprising an act of causing one or more hardware processors to execute instructions encoded on a non-transitory computer-readable medium, such that upon execution of the instructions, the one or more hardware processors perform operations of:
receiving an information flow security policy for source code security; refining the information flow security policy by performing operations of:
constructing a system dependence graph (SDG) of a program source code, the SDG being a directed graph representing flow chart dependencies in the source code and having program blocks and nodes, with paths between the blocks and nodes;identifying in the SDG all paths containing nodes of interest through program slicing for both confidentiality analysis and integrity analysis, such that for confidentiality analysis, a forward slice is computed from high confidentiality variables, and for integrity analysis, a backwards slice is computed from low integrity variables; analyzing the source code to provide refinements as constraints; identifying a section of the source code that violates the constraints; and removing, via the one or more hardware processors, the section of the source code that violates the constraints to generate an encoded source code that is compliant with the information flow security policy. |
