Checking secure information flow in Java']Java bytecode by code transformation and standard bytecode verification

被引：10

作者：

Bernardeschi, C ^{[1
]}

De Francesco, N ^{[1
]}

Lettieri, G ^{[1
]}

Martini, L ^{[1
]}

机构：

[1] Univ Pisa, Dipartimento Ingn Informaz, I-56100 Pisa, Italy

来源：

SOFTWARE-PRACTICE & EXPERIENCE | 2004年 / 34卷 / 13期

关键词：

security; information flow; !text type='Java']Java[!/text] bytecode; bytecode verifier;

D O I：

10.1002/spe.611

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error detected by the Verifier on the transformed code corresponds to a possible illicit information How in the original code. We present a prototype tool that implements the method and we show an example of application. Copyright (C) 2004 John Wiley Sons, Ltd.

引用

页码：1225 / 1255

页数：31

共 50 条

[1] Java']Java bytecode verification for secure information flow
Avvenuti, M
Bernardeschi, C
De Francesco, N
ACM SIGPLAN NOTICES, 2003, 38 (12) : 20 - 27
[2] Using standard verifier to check secure information flow in Java']Java bytecode
Bernardeschi, C
De Francesco, N
Lettieri, G
26TH ANNUAL INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, PROCEEDINGS, 2002, : 850 - 855
[3] Java']Java bytecode verification
Nipkow, T
JOURNAL OF AUTOMATED REASONING, 2003, 30 (3-4) : 233 - 233
[4] Standard fixpoint iteration for Java']Java bytecode verification
Qian, ZY
ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2000, 22 (04): : 638 - 672
[5] Java bytecode dependence analysis for secure information flow
Bian, Gaowei
Nakayama, Ken
Kobayashi, Yoshitake
Maekawa, Mamoru
International Journal of Network Security, 2007, 4 (01) : 59 - 68
[6] Java Bytecode Verification
Tobias Nipkow
Journal of Automated Reasoning, 2003, 30 : 233 - 233
[7] Information flow analysis for Java']Java bytecode
Genaim, S
Spoto, F
VERIFICATION, MODEL CHECKING, AND ABSTRACT INTERPRETATION, PROCEEDINGS, 2005, 3385 : 346 - 362
[8] Using Bytecode Instrumentation to Secure Information Flow in Multithreaded Java']Java Applications
Sharaf, Mohamed
Huang, Jie
Huang, Chin-Tser
2013 33RD IEEE INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS WORKSHOPS (ICDCSW 2013), 2013, : 362 - 367
[9] Java']Java bytecode verification: An overview
Leroy, X
COMPUTER AIDED VERIFICATION, PROCEEDINGS, 2001, 2102 : 265 - 285
[10] Integrated Java']Java Bytecode Verification
Gal, Andreas
Probst, Christian W.
Franz, Michael
ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2005, 131 : 27 - 38

← 1 2 3 4 5 →