Implicit Flows in Malicious and Nonmalicious Code
Information-flow technology is a promising approach for ensuring security by design and construction. When tracking information flow, of particular concern are implicit flows, i.e., flows through control flow when computation branches on secret data and performs publicly observed side effects depending on which branch is taken. The large body of literature exercises two extreme views on implicit flows: either track them (striving to show that there are no leaks, and often running into the problem of complex enforcement mechanisms and false alarms), or not track them (which reduces false alarms, but provides weak or no security guarantees). This paper distinguishes between malicious and non-malicious code. The attacker may exploit implicit flows with malicious code, and so they should be tracked.