Static analysis of software components for information flow security

For developers to predict whether their code will leak secrets typically requires analysing the whole program; for programs that are independently composed of software components by a third-party, this is a challenging prediction for the component developers to make. The outcome of this research is a set of tools that bridges that gap. This includes Security Contracts, which enable the abstract definition of software component behaviour. These abstractions can be used by developers to understand how their component will interact with other components, which enable our new analyses that can predict whether a component will leak secrets.