We present a new algorithm for discovering probabilistic security leaks in concurrent programs. Probabilistic leaks arise from subtle interactions between threads, and probabilistic noninterference guarantees that such leaks do not exist.
The new algorithm is named RLSOD ("Relaxed Low Security Observable Determinism") and avoids soundness leaks, restrictions, and precision problems of earlier approaches; this feature beiing the result of flow-sensitive, context-sensitive program analysis, and a new treatment of termination leaks.
The talk presents a short overview of probabilistic leaks and their handling in the security analysis tool JOANA, and then explains RLSOD in some detail. The consequences of flow-sensitivity are discussed, and the new treatment of nonterminating traces is described. The static RLSOD analysis (which is part of JOANA) is explained, and the soundness theorem for RLSOD is sketched.
The work has been described in detail in: D. Giffhorn, G. Snelting, /A new algorithm for low-deterministic security/, International Journal of Information Security, *Vol. 14*, (3), pp. 263-287, 2015.