
Research On Constructing Of System Information Flow Graph Based On Dependence Graph

Posted on: 2010-09-06 | Degree: Master | Type: Thesis
Country: China | Candidate: J Ceng | Full Text: PDF
GTID: 2178360275450837 | Subject: Computer application technology
Abstract/Summary:
Covert channels are a new challenge to the security of multilevel operating systems, which apply mandatory or discretionary access control policies to protect information. The problem has received a lot of attention from international researchers in recent years, and it is both difficult and important in the development of high-security trusted software. Information flow analysis is the earliest method of searching for covert channels, and it is also an effective one. To describe the information flow of a system in detail, this paper constructs a system information graph from the system source code. This system information graph comprises several kinds of information flow graphs and provides the basic input for information flow analysis.

If the system information flow graph is constructed directly from the simple information flow rules, the intercrossing of information flow paths in the graph produces many false information flow paths during analysis, which adds a great deal of analysis work. At the same time, there is no effective method for analysing the information flow graph, and the work grows heavier with the size of the graph. To reduce the analysis work, the information graph needs to be as small as possible. The purpose of this paper is to reduce the false information flow paths in the graph and to construct a graph that is as small as possible and easier to analyse.

The main contribution of this paper lies in two aspects: (1) based on the dependence graph, the information flow among variables is abstracted to construct the information flow graph according to the dependence relationships among statements, not just according to every statement; (2) only the source and the destination of an information flow are considered and the path along which the information is conveyed is ignored, which avoids the intercrossing of information flow paths in the graph and sharply reduces the number of false information flow paths.

The method detailed in this paper can be divided into three processes: (1) based on the control flow graph, identify the data dependence and control dependence among the statements of the system program and construct the program dependence graph; (2) apply the transitive transformation to the program dependence graph to construct the transitive dependence graph; (3) based on the transitive dependence graph, abstract the information flow to construct all kinds of information flow graphs of the system.

This paper constructs a series of information flow graphs: the function information flow sub-graph and the function information flow graph, which describe the information flow inside a function; the system information graph, which describes the information flow among the shared variables in the system; and the information graph among the functions, which describes the information flow among the functions of the system. These information flow graphs describe the information flow of the system from different angles of observation. Their common characteristic is that they focus only on the source node and the destination node of an information flow and ignore its transfer paths. As a result, they avoid the intercrossing of different information flow paths and avoid the false information flow paths in the graph caused by the transitivity of information flow.
Keywords/Search Tags:covert channel, information flow, program dependence graph, data dependence, control dependence, information flow graph
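
The three processes described in the abstract, as an added Python example that is not taken from the thesis: it builds dependence edges for a small constructed program, takes their transitive closure, keeps only (source, destination) variable pairs, and compares the result with a naive closure of per-statement flow rules. The statement encoding, the function names and the restriction to straight-line code with single-level `if` blocks (no `else`, no loops) are assumptions of this example.

```python
from itertools import product
# Constructed sample: (statement, defs, uses, index of controlling predicate or None)
PROGRAM = [
    ("h = read_secret()", {"h"}, set(), None),
    ("t = h + 1", {"t"}, {"h"}, None),
    ("if t > 0:", set(), {"t"}, None),
    ("    flag = 1", {"flag"}, set(), 2),
    ("out = flag", {"out"}, {"flag"}, None),
    ("t = 0", {"t"}, set(), None),
    ("log = t", {"log"}, {"t"}, None),
]

def dependence_graph(prog):
    # Process 1: data and control dependence edges, statement -> earlier statements.
    deps = []
    for j, (_, _, uses, ctrl) in enumerate(prog):
        deps.append({ctrl} if ctrl is not None else set())  # control dependence
        for var in uses:
            for i in range(j - 1, -1, -1):   # nearest definitions first
                if var in prog[i][1]:
                    deps[j].add(i)           # data dependence
                    if prog[i][3] in (None, ctrl):
                        break                # always-executed definition kills older ones
    return deps

def flow_graph(prog):
    deps, reach, flows = dependence_graph(prog), [], set()
    for j, (_, defs, uses, _) in enumerate(prog):
        # Process 2: transitive dependence; edges point backwards, so reach[i] exists.
        reach.append(deps[j].union(*(reach[i] for i in deps[j])))
        # Process 3: keep only (source variable, destination variable) pairs.
        sources = uses.union(*(prog[i][2] for i in reach[j]))
        flows |= set(product(sources, defs))
    return flows

def naive_flow_graph(prog):
    # Baseline: one edge per statement rule, then variable-level transitive closure.
    flows = set()
    for _, defs, uses, ctrl in prog:
        implicit = prog[ctrl][2] if ctrl is not None else set()
        flows |= set(product(uses | implicit, defs))
    while True:
        new = {(a, d) for (a, b), (c, d) in product(flows, flows) if b == c} - flows
        if not new:
            return flows
        flows |= new

def false_paths(prog):
    return naive_flow_graph(prog) - flow_graph(prog)
```

On the sample, the naive closure reports a flow from `h` to `log` because `t` appears on both `h -> t` and `t -> log`, while the dependence-based graph drops it since `log = t` depends only on the later `t = 0`. The implicit flow from `h` to `out` through the `if` is kept in both graphs.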