Reishi Yokomori, Fumiaki Ohata, Y. Takata, H. Seki, Katsuro Inoue
{"title":"不适当信息泄漏检测程序的分析与实现方法","authors":"Reishi Yokomori, Fumiaki Ohata, Y. Takata, H. Seki, Katsuro Inoue","doi":"10.1109/APAQS.2001.989996","DOIUrl":null,"url":null,"abstract":"For a program which handles secret information, it is very important to prevent inappropriate information leaks from a program with secret data. D.E. Denning (1976) proposed a mechanism to certify the security of program by statically analyzing information flow, and S. Kuninobu et al. (2000) proposed a more practical analysis framework including recursive procedure handling, although no implementation has been yet made. We propose a method of security analysis implementation, and show a security analysis tool implemented for a procedural language. We extend Kuninobu's algorithm by devising various techniques for analysis of practical programs that have recursive calls and global variables. This method is validated by applying our tools to a simple credit card program, and we confirm that the validation of program security is very useful.","PeriodicalId":145151,"journal":{"name":"Proceedings Second Asia-Pacific Conference on Quality Software","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Analysis and implementation method of program to detect inappropriate information leak\",\"authors\":\"Reishi Yokomori, Fumiaki Ohata, Y. Takata, H. Seki, Katsuro Inoue\",\"doi\":\"10.1109/APAQS.2001.989996\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"For a program which handles secret information, it is very important to prevent inappropriate information leaks from a program with secret data. D.E. Denning (1976) proposed a mechanism to certify the security of program by statically analyzing information flow, and S. Kuninobu et al. (2000) proposed a more practical analysis framework including recursive procedure handling, although no implementation has been yet made. We propose a method of security analysis implementation, and show a security analysis tool implemented for a procedural language. We extend Kuninobu's algorithm by devising various techniques for analysis of practical programs that have recursive calls and global variables. This method is validated by applying our tools to a simple credit card program, and we confirm that the validation of program security is very useful.\",\"PeriodicalId\":145151,\"journal\":{\"name\":\"Proceedings Second Asia-Pacific Conference on Quality Software\",\"volume\":\"39 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2001-12-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings Second Asia-Pacific Conference on Quality Software\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/APAQS.2001.989996\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings Second Asia-Pacific Conference on Quality Software","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APAQS.2001.989996","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Analysis and implementation method of program to detect inappropriate information leak
For a program which handles secret information, it is very important to prevent inappropriate information leaks from a program with secret data. D.E. Denning (1976) proposed a mechanism to certify the security of program by statically analyzing information flow, and S. Kuninobu et al. (2000) proposed a more practical analysis framework including recursive procedure handling, although no implementation has been yet made. We propose a method of security analysis implementation, and show a security analysis tool implemented for a procedural language. We extend Kuninobu's algorithm by devising various techniques for analysis of practical programs that have recursive calls and global variables. This method is validated by applying our tools to a simple credit card program, and we confirm that the validation of program security is very useful.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
