
Program Analysis Probably Counts: Discussant Contribution for the Computer Journal Lecture by Chris Hankin

© The Author 2009. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions, please email: journals.permissions@oxfordjournals.org
Advance Access publication on May 12, 2009. doi:10.1093/comjnl/bxp037

Program Analysis Probably Counts: Discussant Contribution for the Computer Journal Lecture by Chris Hankin

Pasquale Malacaria

As mentioned in Chris' lecture, a particular field of interest is that of information flow/security. This field seems to be ideal for probabilistic or quantitative approaches. There is in fact a problem with a qualitative approach to security, which is traditionally defined in terms of non-interference. The classical definition can be informally stated as:

A system is secure if and only if an attacker cannot deduce information about the secret by the observations he has available about the system.

Following this definition, no password protected system would be secure. In fact an attacker who tries to enter such a system can either succeed (if lucky), and so knows all the information about the secret password, or will fail to enter, and in this case will learn that the password is not the one he tried. In any case he has deduced information about the secret from the available observations.

Information flow and security hence have an inherently quantitative component. We can only say 'the system is secure because it is extremely unlikely for an attacker to enter it' or 'the system is secure because the amount of information about the secret an attacker can gain is insignificant'.

Various theories may help us in this quantitative direction: Probability and Information Theory are the first to come to mind.

Chris' general framework uses Hilbert spaces and Moore–Penrose pseudo-inversion to answer the question 'how can we define a probabilistic formulation of abstract interpretation?'.

Let us accept that a probabilistic program analysis makes sense as a theory. Still, in the context of program analysis a natural question is 'what about the implementation?': in the end, an uncomputable program analysis would have very limited interest.

The point here is that classical program analysis is based on qualitative notions, and measuring is, in general, more demanding than qualitative analysis. The state explosion problem, familiar to the model checking and verification communities, is an even bigger problem in this probabilistic context.

Here are a few questions and challenges related to the implementation aspect: how can we compute timed bisimilarity for systems with a large number of states? Or the Moore–Penrose pseudo-inverse?

Should we aim (as classical program analysis does) for 'safe' quantitative analysis working on any sort of program? Or maybe settle for more modest, probably safe results?

Also, there is a set of properties dear to the qualitative program analysis community that we may have to relax; for example, properties like Universality, Scalability and Compositionality. Some or perhaps all of these properties may be lost in a quantitative approach.

Maybe in the end we will have to relax the static aspect of program analysis and, to cope with the computational difficulties of a probabilistic analysis, think of a hybrid static/dynamic analysis instead.

Program analysis probably counts, but is it likely to be implemented?

The Computer Journal, Vol. 53 No. 6, 2010
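As an added worked example (not from Malacaria's note or from Hankin's framework), the Python below treats the password check discussed above as a channel from the secret to the attacker's observation and measures what one login attempt leaks in bits, contrasting the qualitative non-interference check with the quantitative one; the functions generalise to any deterministic program with a given prior on the secret. The function names, the 16-bit secret space and the sample guess are assumptions chosen for illustration.

```python
"""Quantitative information flow of a password check (added example)."""
import math
from collections import Counter


def entropy(dist):
    """Shannon entropy in bits of a distribution given as {value: probability}."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def noninterferent(secrets, program, public_input):
    """Classical qualitative check: the output must not depend on the secret at all."""
    return len({program(s, public_input) for s in secrets}) == 1


def leakage(secrets, prior, program, public_input):
    """Mutual information I(S;O) between secret S and observable output O, in bits.

    The program is deterministic, so I(S;O) = H(O): the entropy of the output
    distribution obtained by pushing the prior on S through the program.
    """
    output_dist = Counter()
    for s in secrets:
        output_dist[program(s, public_input)] += prior[s]
    return entropy(output_dist)


def remaining_uncertainty(secrets, prior, program, public_input):
    """H(S|O) = H(S) - I(S;O): bits of the secret still unknown after one observation."""
    return entropy(prior) - leakage(secrets, prior, program, public_input)


def password_check(secret, guess):
    """The program from the text: accept if and only if the guess is right."""
    return secret == guess


def uniform_prior(secrets):
    """Attacker's prior when every secret is equally likely (an assumption)."""
    return {s: 1.0 / len(secrets) for s in secrets}


def password_example(secret_bits=16, guess=12345):
    """Leakage of a single login attempt against a uniformly chosen secret."""
    secrets = range(2 ** secret_bits)
    prior = uniform_prior(secrets)
    return {
        "noninterferent": noninterferent(secrets, password_check, guess),
        "leaked_bits": leakage(secrets, prior, password_check, guess),
        "remaining_bits": remaining_uncertainty(secrets, prior, password_check, guess),
    }


if __name__ == "__main__":
    print(password_example())  # interference present, but only ~0.0003 bits leak
```

Non-interference rejects the check outright because the accept/reject output depends on the secret, while the quantitative view shows a 16-bit secret loses well under a thousandth of a bit per attempt; the same `leakage` call applied to a program that reveals, say, the low 4 bits of the secret reports 4.0 bits.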


The Computer Journal , Volume 53 (6) – Jul 12, 2010



Publisher
Oxford University Press
Copyright
© The Author 2009. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions, please email: journals.permissions@oxfordjournals.org
Subject
Section A
ISSN
0010-4620
eISSN
1460-2067
DOI
10.1093/comjnl/bxp037


Journal

The Computer Journal, Oxford University Press

Published: Jul 12, 2010
