Information-flow security vulnerabilities, such as confidentiality and integrity violations, are real and serious problems commonly found in real-world software. Static analyses for information-flow control have the advantage of full coverage over dynamic analyses: they reason about every possible execution of the program, so every potential security violation is identified. Dynamic information-flow analyses, on the other hand, can offer distinct advantages in precision, because they are less conservative than static analyses: they reject only insecure executions rather than whole programs, and they gain accuracy from flow- and path-sensitivity, since labels are tracked along the path the program actually takes.
This talk will highlight some of our attempts to detect information-flow security vulnerabilities in Java programs. In particular, we will discuss our investigation of dynamic program analysis for enforcing information-flow security in object-oriented programs. Although we obtain a soundness result for the analysis by formalising a core language and a generalised operational semantics that tracks explicit and implicit information propagation at runtime, we find that a purely dynamic analysis for information-flow security is fundamentally limited and practically infeasible in the presence of shared objects and aliases.