TUM Logo

Platform Independant Information-Flow Control for C/C++

Platform Independant Information-Flow Control for C/C++

Supervisor(s): Julian Horsch, Philipp Zieris
Status: finished
Topic: Others
Author: Emanuel Vintila
Submission: 2020-04-15
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Platform Independent Information-Flow Control based on Pointer-Tagging




Publicly observable software systems often handle private or secret information. In order to ensure non-interference between different data sensitivity levels (i.e., to avoid the leaking of secrets), Information-Flow Control (IFC) must be enforced based on security policies, which can vary between applications. We propose a runtime IFC enforcer for un-annotated C/C++ code that accepts user-defined policies at the compilation phase and instruments the code at the platform independent LLVM level. Data pointers are tagged with different sensitivity levels, which are propagated at runtime across the data and control flows of the program in order to detect illegal explicit flows (e.g., public := secret), as well as implicit flow (e.g., public := 1 if secret else 0).