Java bytecode verification for secure information flow
- 1 December 2003
- journal article
- Published by Association for Computing Machinery (ACM) in ACM SIGPLAN Notices
- Vol. 38 (12) , 20-27
- https://doi.org/10.1145/966051.966055
Abstract
Security of Java programs is important as they can be executed in different platforms. This paper addresses the problem of secure information flow for Java bytecode. In information flow analysis one wishes to check if high security data can ever propagate to low security observers. We propose a static analysis similar to the type-level abstract interpretation used for standard bytecode verification. Instead of types, our technique works with secrecy levels assigned to classes, methods' parameters and returned values, and handles implicit information flows. A verification tool based on the proposed technique is under development. Using the tool, programs downloaded from untrusted hosts can be checked locally prior to executing them.Keywords
This publication has 11 references indexed in Scilit:
- An abstract semantics tool for secure information flow of stack-based assembly programsMicroprocessors and Microsystems, 2002
- Abstract interpretation of operational semantics for secure information flowInformation Processing Letters, 2002
- Checking security of Java bytecode by abstract interpretationPublished by Association for Computing Machinery (ACM) ,2002
- Standard fixpoint iteration for Java bytecode verificationACM Transactions on Programming Languages and Systems, 2000
- A core calculus of dependencyPublished by Association for Computing Machinery (ACM) ,1999
- A sound type system for secure flow analysisJournal of Computer Security, 1996
- What's in a region?ACM Letters on Programming Languages and Systems, 1993
- A security flow control algorithm and its denotational semantics correctness proofFormal Aspects of Computing, 1992
- An Axiomatic Approach to Information Flow in ProgramsACM Transactions on Programming Languages and Systems, 1980
- Certification of programs for secure information flowCommunications of the ACM, 1977