M. Zanioli, P. Ferrara and A. Cortesi.
SAILS: static analysis of information leakage with Sample
In Proceedings of the 27th ACM Symposium on Applied Computing (SAC 2012 in the "Software Verification and Testing" track), ACM Press, Riva del Garda, Italy, March 26-30, 2012
Final version: Pdf (314 KB)
Abstract: In this paper, we introduce Sails, a new tool that combines Sample, a generic static analyzer, and a sophisticated domain for leakage analysis. This tool does not require modifying the original language, since it works with mainstream languages like Java, and it does not require any manual annotation. Sails can combine the information leakage analysis with different heap abstractions, inferring information leakage over programs dealing with complex data structures. We applied Sails to the analysis of the SecuriBench-micro suite. The experimental results show the effectiveness of our approach.
Bibtex:
@inproceedings{ZFC12,
author = {Zanioli, Matteo and Ferrara, Pietro and Cortesi, Agostino},
title = {SAILS: static analysis of information leakage with Sample},
booktitle = {Proceedings of the 27th ACM Symposium on Applied Computing (SAC 2012)},
year = {2012},
publisher = {ACM},
month = {March},
}