An aspect-oriented approach to tracing information flow

Abstract

There is a duality between access control and information flow control as both mechanisms are concerned with the flow of information. However, information flow control is more than access control, as an illegal flow might occur even when only authorized requests are performed on an object. Information flow control is inherently difficult to apply, however this does not negate the need for ensuring that information considered to be highly confidential does not flow into objects that may be accessed by users that have lower order security rights. Access control policies are violated in this way by programming errors and there has to be a means of isolating these errors. Programmers often rely on the simple process of source-code instrumentation to trace program flow to discover errors. Program instrumentation is the act of injecting informative statements into software code for the purposes of monitoring. It has been shown that aspect-oriented programming languages are highly suitable for instrumenting object-oriented code for testing purposes This paper advocates that aspect-oriented programming and design may be used to seamlessly instrument a software system to identify information leakage.