Checking secure information flow in Java']Java bytecode by code transformation and standard bytecode verification

被引:10
|
作者
Bernardeschi, C [1 ]
De Francesco, N [1 ]
Lettieri, G [1 ]
Martini, L [1 ]
机构
[1] Univ Pisa, Dipartimento Ingn Informaz, I-56100 Pisa, Italy
来源
SOFTWARE-PRACTICE & EXPERIENCE | 2004年 / 34卷 / 13期
关键词
security; information flow; !text type='Java']Java[!/text] bytecode; bytecode verifier;
D O I
10.1002/spe.611
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error detected by the Verifier on the transformed code corresponds to a possible illicit information How in the original code. We present a prototype tool that implements the method and we show an example of application. Copyright (C) 2004 John Wiley Sons, Ltd.
引用
收藏
页码:1225 / 1255
页数:31
相关论文
共 50 条
  • [31] Mobile code security by Java']Java bytecode dependence analysis
    Bian, G
    Nakayama, K
    Kobayashi, Y
    Maekawa, M
    IEEE INTERNATIONAL SYMPOSIUM ON COMMUNICATIONS AND INFORMATION TECHNOLOGIES 2004 (ISCIT 2004), PROCEEDINGS, VOLS 1 AND 2: SMART INFO-MEDIA SYSTEMS, 2004, : 923 - 926
  • [32] JBMC: Bounded Model Checking for Java']Java Bytecode (Competition Contribution)
    Cordeiro, Lucas
    Kroening, Daniel
    Schrammel, Peter
    TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS, PT III, 2019, 11429 : 219 - 223
  • [33] JBMC: A Bounded Model Checking Tool for Verifying Java']Java Bytecode
    Cordeiro, Lucas
    Kesseli, Pascal
    Kroening, Daniel
    Schrammel, Peter
    Trtik, Marek
    COMPUTER AIDED VERIFICATION (CAV 2018), PT I, 2018, 10981 : 183 - 190
  • [34] SNITCH: Dynamic Dependent Information Flow Analysis for Independent Java']Java Bytecode
    Geraldo, Eduardo
    Seco, Joao Costa
    ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE, 2019, (302): : 16 - 31
  • [35] Using data flow analysis to infer type information in Java']Java bytecode
    Maggi, P
    Sisto, R
    FIRST IEEE INTERNATIONAL WORKSHOP ON SOURCE CODE ANALYSIS AND MANIPULATION, PROCEEDINGS, 2001, : 211 - 222
  • [36] MMT: Mutation Testing of Java']Java Bytecode with Model Transformation
    Bockisch, Christoph
    Taentzer, Gabriele
    Neufeld, Daniel
    2023 ACM/IEEE INTERNATIONAL CONFERENCE ON MODEL DRIVEN ENGINEERING LANGUAGES AND SYSTEMS COMPANION, MODELS-C, 2023, : 35 - 39
  • [37] Magic-sets transformation for the analysis of Java']Java bytecode
    Payet, Etienne
    Spot, Fausto
    STATIC ANALYSIS, PROCEEDINGS, 2007, 4634 : 452 - +
  • [38] JBMC: A Bounded Model Checking Tool for Java Bytecode
    Brenguier, Romain
    Cordeiro, Lucas
    Kroening, Daniel
    Schrammel, Peter
    arXiv, 2023,
  • [39] Code coverage differences of Java']Java bytecode and source code instrumentation tools
    Horvath, Ferenc
    Gergely, Tamas
    Beszedes, Arpad
    Tengeri, David
    Balogh, Gergo
    Gyimothy, Tibor
    SOFTWARE QUALITY JOURNAL, 2019, 27 (01) : 79 - 123
  • [40] Target code generation using the code expansion technique for Java']Java Bytecode
    Ko, KM
    Kim, SG
    PARALLEL AND DISTRIBUTED COMPUTING: APPLICATIONS AND TECHNOLOGIES, PROCEEDINGS, 2004, 3320 : 752 - 755
12345