Abstract

Security of Java programs is important as they can be executed in different platforms. This paper addresses the problem of secure information flow for Java bytecode. In information flow analysis one wishes to check if high security data can ever propagate to low security observers. We propose a static analysis similar to the type-level abstract interpretation used for standard bytecode verification. Instead of types, our technique works with secrecy levels assigned to classes, methods' parameters and returned values, and handles implicit information flows. A verification tool based on the proposed technique is under development. Using the tool, programs downloaded from untrusted hosts can be checked locally prior to executing them.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A flood-based information flow analysis and network minimization method for gene regulatory networks
Ilias Tagkopoulos ... Vadim Mozhayskiy
BMC Bioinformatics | VOL. 14
Ilias Tagkopoulos, et. al.Ilias Tagkopoulos ... Vadim Mozhayskiy
24 Apr 2013
Static Information Flow Analysis with Handling of Implicit Flows and a Study on Effects of Implicit Flows vs Explicit Flows
A Milanova ... Yin Liu
-
A Milanova, et. al.A Milanova ... Yin Liu
01 Mar 2010
Secure information flow by self-composition
Tamara Rezk ... Pedro R D'Argenio
Mathematical Structures in Computer Science | VOL. 21
Tamara Rezk, et. al.Tamara Rezk ... Pedro R D'Argenio
27 Oct 2011
Mixed-mode Information Flow Tracking with Compile-time Taint Semantics Extraction and Offline Replay
Wen-Yang Lai ... Yu-Hsin Hung
-
Wen-Yang Lai, et. al.Wen-Yang Lai ... Yu-Hsin Hung
30 Jan 2021
View more papers

More From: ACM SIGPLAN Notices

Paper Title
Journal
Date
Author
Regenerate: a language generator for extended regular expressions
Peter Thiemann ... Gabriel Radanne
ACM SIGPLAN Notices | VOL. 53
Peter Thiemann, et. al.Peter Thiemann ... Gabriel Radanne
07 Apr 2020
Implementing a semi-causal domain-specific language for context detection over binary sensors
Charles Consel ... Nic Volanschi
ACM SIGPLAN Notices | VOL. 53
Charles Consel, et. al.Charles Consel ... Nic Volanschi
07 Apr 2020
Orchestrating dynamic analyses of distributed processes for full-stack JavaScript programs
Elisa Gonzalez Boix ... Wolfgang De Meuter
ACM SIGPLAN Notices | VOL. 53
Elisa Gonzalez Boix, et. al.Elisa Gonzalez Boix ... Wolfgang De Meuter
07 Apr 2020
Model-based security analysis of feature-oriented software product lines
Daniel Strüber ... Sven Peldszus
ACM SIGPLAN Notices | VOL. 53
Daniel Strüber, et. al.Daniel Strüber ... Sven Peldszus
07 Apr 2020
View more papers