SPP 1496 - WP: Information Flow Control for Mobile Components Based on Precise Analysis for Parallel Programs (1st funding period) (IFC for Mobile Components)

Basic data for this project

Type of project: Subproject in DFG-joint project hosted outside University of Münster
Duration: 01/10/2010 - 30/09/2013 | 1st Funding period

Description

Future software systems will be dynamically configured from mobile components, and will heavily use parallelism. Security checks thus have to deal precisely with mobile software components and their plug-in, as well as with parallel constructs and multi-threaded programs. Current information flow algorithms for mobile components and multi-threaded software can be greatly improved if they leverage modern program analysis. In this project, we will use information flow control based on program dependence graphs for the construction of new and precise security analysis methods for mobile components and their dynamic integration, as well as for their concurrent interaction. New theoretical insights into the analysis of parallel programs and invariance detection will improve analysis precision, in particular for information flow in parallel programs. New techniques for context approximation and context inference will make it possible to construct modular dependence graphs and to handle missing application contexts for isolated components. A scalable implementation for full Java will be developed and exercised on realistic case studies. The project is performed in cooperation with the group of Prof. Gregor Snelting from Karlsruhe Institute of Technology and is part of Priority Programme 1496 "Reliably Secure Software Systems - RS3" funded by the DFG (Deutsche Forschungsgemeinschaft).

Keywords: Concurrency; information flow control; mobile components; parallel software; software security; static analysis