Evaluating the Overhead of Dynamic Information Flow Analysis Performed by Security Typed Programming Languages

Authors

  • Hassan D Computers and Systems Department, National Telecommunication Institute, Cairo, Egypt

Keywords:

Dynamic information flow, security labeling, run-time overhead, operational semantics

Abstract

Security-typed programming languages aim to track insecure information flows in application program. This is achieved by extending data types with security labels in order to identify the confidentiality and integrity policies for each data element. Such policies specify which principals or entities are allowed to read from or write to the value of data respectively. In this paper, we evaluate the run-time overhead of dynamic information flow (DIF) analysis in security typed programming languages. Such analysis is performed by including the security labeling in the dynamic operational semantics. Our evaluation mechanism relies on developing two different language implementations for a simple while programming language that has been considered as a case of study. The first one is a traditional interpreter that implements the ordinary operational semantics of the language without security labeling of data types and hence performs no information flow analysis. The second one is an interpreter that performs a dynamic information flow analysis by implementing the security labeling semantics (where language data types are augmented with security labels). Next, two execution times of a program executed using both interpreters are measured (i.e., one execution time for each interpreter). The resulting difference in execution time represents the absolute run-time overhead of dynamic information flow analysis. We have calculated the difference in execution time for some benchmark programs that are executed using both implementations.

References

Sabelfeld, A., and Myers, A. C.: Language-Based information-Flow Security. IEEE J. on Sel. Areas in Comm., 21(1):5– 19, 2003.

Myers, A. C.: Flow: Practical Mostly-Static information Flow Control. In Proceeding of POPL’99, pp. 228–241, ACM, 1999.

Simonet, v., and Rocquencourt, I.: Flow Caml in a Nutshell. In Proc. Of APPSEM-II, pp. 152–165, 2003.

Alejandro, R. and Andrei, S. Dynamic vs. Static Flow-Sensitive Security Analysis. In Proceedings of 23rd IEEE Computer Security Foundations Symposium (CSF’10), pp.186 - 199, 2010.

Shroff, P., Smith, S., and Thober, M.: Securing information Flow via Dynamic Capture of Dependencies. In Journal of Computer Security, 16:673–688, 2008.

Denning, D. E.: A Lattice Model of Secure Information Flow. journal of Commun. ACM, 19(5):236 – 243, 1976.

Molnar. D., Piotrowski, M. , Schultz,D., and Wagner, D: The program counter security model: Automatic detection and removal of control flow side channel attacks. In Proc. of ICISC’05, vol. 3935 of LNCS, pp.156168. Springer, 2005.

Brand, M. G. J. V. D., Deursen, A. V., Heering, J., Jonge, J. M., Kuipers, T., Klint, P. , Moonen, L., Olivier, P., Scheerder, J., Vinju, J.J. , Visser,E., and Visser, J.: The ASF+SDF Meta-Environment: A Component-Based Language Development Environment. In Proc. Of CC’01, vol. 2027 of LNCS, pp. 365–370, Springer, 2001.

Deursen, A. V., Heering, J., and Klint, P.: Language Prototyping: An Algebraic Specification Approach: Vol. V. AMAST Series in Computing, World Scientific, 1996.

Heering, J., Hendriks, P., Klint, P., and Rekers.J.: The Syntax Definition Formalism SDF - Reference Manual, 1989.

Brand, M. G. J. V. D., and Klint, P. Asf+sdf Meta-Environment User Manual Revision 1.134. Technical report, CWI Centrum voor Wiskunde en Informatica, Amsterdam, 2003. Available at: http://www. cwi.nl/projects/MetaEnv/meta.

Brand, M. G. J. V. D., Klint, P., and Vinju, J.J. The Language Specification Formalism ASF+SDF, 2008.

Klint, P.: A Meta-Environment for Generating Programming Environments. In ACM TOSEM, 2(2):176–201, 1993.

Eclipse Platform technical overview. Object Technology International, Inc., 2003.

Brand, M. G. J. V. D., Jong, H. A., Klint, P. and Kooiker, A. T. A language development environment for Eclipse. In Proceedings of OOPSLA Workshop on Eclipse Technology eXchange., 2003.

Shroff, P., Smith, S., and Thober, M.: Dynamic Dependency Monitoring to Secure Information Flow. In Proc. of CSF’07, pp. 203–217, IEEE, 2007.

Le Guernic, G. Confidentiality Enforcement Using Dynamic Information Flow Analyses. PhD thesis, Kansas State University, 2007.

Austin, T. H. and Flanagan, C. Efficient Purely-Dynamic Information Flow Analysis. In Proc. of PLAS 2009, pp. 113–124, ACM, 2009.

Austin, T. H. Dynamic Information Flow Analysis for JavaScript in a Web Browser. PhD thesis, University of California, Santa Cruz, March, 2013.

Austin, T. H., Disney, T., Flanagan, C and Jeffrey, A. Dynamic Information Flow Analysis for Featherweight JavaScript. Technical Report #UCSC-SOE-11-19, University California, Santa Cruz, 2011.

Myers, A. C. and Liskov, B. Protecting Privacy Using the Decentralized Label Model. ACM TOSEM, 9:410 – 442, 2000.

Downloads

Published

2025-11-11

How to Cite

[1]
D. Hassan, “Evaluating the Overhead of Dynamic Information Flow Analysis Performed by Security Typed Programming Languages”, Int. J. Comp. Sci. Eng., vol. 4, no. 11, pp. 69–74, Nov. 2025.

Issue

Vol. 4 No. 11 (2016): IJCSE November Edition

Section

Research Article

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.