Affiliation:
1. Università di Pisa, Pisa, Italy
Abstract
Security of Java programs is important as they can be executed in different platforms. This paper addresses the problem of secure information flow for Java bytecode. In information flow analysis one wishes to check if high security data can ever propagate to low security observers. We propose a static analysis similar to the type-level abstract interpretation used for standard bytecode verification. Instead of types, our technique works with secrecy levels assigned to classes, methods' parameters and returned values, and handles implicit information flows. A verification tool based on the proposed technique is under development. Using the tool, programs downloaded from untrusted hosts can be checked locally prior to executing them.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design,Software
Cited by
12 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Securing Class Initialization in Java-like Languages;IEEE Transactions on Dependable and Secure Computing;2013-01
2. JCSI: A tool for checking secure information flow in Java Card applications;Journal of Systems and Software;2012-11
3. Static vulnerability detection in Java service-oriented components;Journal of Computer Virology and Hacking Techniques;2012-10-18
4. Load Time Security Verification;Information Systems Security;2011
5. Securing Class Initialization;IFIP Advances in Information and Communication Technology;2010