Hybrid static-runtime information flow and declassification enforcement

Bruno P.S. Rocha, Mauro Conti, Sandro Etalle, Bruno Crispo

    Research output: Contribution to journalArticleAcademicpeer-review

    27 Citations (Scopus)
    89 Downloads (Pure)


    There are different paradigms for enforcing information flow and declassification policies. These approaches can be divided into static analyzers and runtime enforcers. Each class has its own strengths and weaknesses, each being able to enforce a different set of policies. In this paper, we introduce a hybrid static-runtime enforcement mechanism that works on unannotated program code and supports information-flow control, as well as declassification policies. Our approach manages to enforce realistic policies, as shown by our three running examples, all within the context of a mobile device application, which cannot be handled separately by static or runtime approaches, and are also not covered by current access control models of mobile platforms such as Android or iOS. We also show that including an intermediate step (called preload check) makes both the static analysis system independent (in terms of security labels) and the runtime enforcer lightweight. Finally, we implement our runtime enforcer and run experiments that show that its overhead is so low that the approach can be rolled out on current mobile systems.
    Original languageUndefined
    Pages (from-to)1294-1305
    Number of pages12
    JournalIEEE transactions on information forensics and security
    Issue number8
    Publication statusPublished - Aug 2013


    • SCS-Cybersecurity
    • EWI-24480
    • Hybrid
    • Flow
    • IR-89421
    • Enforcement
    • Static-Runtime
    • METIS-302709
    • Declassification

    Cite this