Musard Balliu: ENCOVER: Symbolic Exploration for Information Flow Security

We address the problem of program verification for information flow policies by means of symbolic execution and model checking. Noninterference-like security policies are formalized using epistemic logic. We show how the policies can be accurately verified using a combination of concolic testing and SMT solving. As we demonstrate, many scenarios considered tricky in the literature can be solved precisely using the proposed approach. This is confirmed by experiments performed with ENCOVER, a tool based on Java PathFinder and Z3, which we have developed for epistemic noninterference concolic verification.

This is a rehearsal talk for CSF 2012, based on joint work with Mads Dam and Gurvan Le Guernic.