Data Flow Analysis of Embedded Program Expressions

Doble, C., Fidge, C. J. and Corney, D.

    Dataflow analysis techniques can be used to help assess threats to data confidentiality and integrity in security-critical program code. However, a fundamental weakness of static analysis techniques is that they overestimate the ways in which data may propagate at run time. Discounting large numbers of these false-positive dataflow paths wastes an information security evaluator's time and effort. Here we show how to automatically eliminate some false-positive dataflow paths by precisely modelling how classified data is blocked by certain expressions in embedded C code. We present a library of detailed dataflow models of individual expression elements and an algorithm for introducing these components into conventional dataflow graphs. The resulting models can be used to accurately trace byte-level or even bit-level dataflow through expressions that are normally treated as atomic. This allows us to identify expressions that safely downgrade their classified inputs and thereby eliminate false-positive dataflow paths from the security evaluation process. To validate the approach we have implemented and tested it in an existing dataflow analysis toolkit.
Cite as: Doble, C., Fidge, C. J. and Corney, D. (2012). Data Flow Analysis of Embedded Program Expressions. In Proc. Australasian Information Security Conference (AISC 2012) Melbourne, Australia. CRPIT, 125. Pieprzyk, J.and Thomborson, C. Eds., ACS. 71-82
pdf (from pdf (local if available) BibTeX EndNote GS