| Summary: | 碩士 === 國立東華大學 === 資訊工程學系 === 102 === Preventing information leakage during program execution is crucial. We use the information flow control (IFC) technique to achieve the prevention. Existing IFC models generally suffer from the drawbacks of: (1) over control and (2) large runtime overhead caused by model embedding. To loosen the control, our research only strictly control output statements. The rationale is that only output statements may leak information when ignoring Trojan horses and viruses. To reduce runtime overhead, we combine IFC with software testing. That is, we insert IFC information to the variables of every test case. With this, the pass of testing means the pass of both functional testing and IFC testing. Since we combine our model with the testing technique, we name our IFC model as TestingIFC. After testing, Testing IFC will be removed from a program. When the program is executing online, no model is embedded. This removes runtime overhead.
|
|---|
