A Theorem Proving Approach to Analysis of Secure Information Flow
Most attempts at analysing secure information flow in programs are based on domain-specific logics. Though computationally feasible, these approaches suffer from the need for abstraction and the high cost of building dedicated tools for real programming languages. The authors recast the information flow problem in a general program logic rather than a problem-specific one. They investigate the feasibility of this approach by showing how a general purpose tool for software verification can be used to perform information flow analyses. They are able to prove security and insecurity of programs including advanced features such as method calls, loops, and object types for the target language JAVA CARD.