- Author:
- Deepak Chandra,
- Adviser:
- Michael Franz
Information flow analysis policies are more flexible and powerful than currently prevalent discretionary access control(DAC) policies. Current information flow systems are either purely dynamic or static. Pure dynamic systems are overly conservative, as they suffer from label creep due to lack of information about other paths. On the other hand, pure static systems are conservative about runtime values, require source code, and programmer annotations. We propose hybrid information flow analysis, which is more flexible and precise than either pure static or dynamic techniques individually. It leverages the strengths of the two approaches, while mitigating their weaknesses. It statically gathers information and makes it available to the runtime, so that the runtime mechanism can safely contain the label creep while precisely tacking information in current path of execution. The proposed analysis works on Java bytecode, does not require source code or programmer annotations.
Cited By
- Xu G, Mitchell N, Arnold M, Rountev A, Schonberg E and Sevitsky G (2014). Scalable Runtime Bloat Detection Using Abstract Dynamic Slicing, ACM Transactions on Software Engineering and Methodology, 23:3, (1-50), Online publication date: 1-May-2014.
- Azadmanesh M and Sharifi M Towards a system-wide and transparent security mechanism using language-level information flow control Proceedings of the 3rd international conference on Security of information and networks, (19-26)
- Austin T and Flanagan C Efficient purely-dynamic information flow analysis Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, (113-124)
Index Terms
- Information flow analysis and enforcement in java bytecode
Recommendations
Java bytecode verification for secure information flow
Security of Java programs is important as they can be executed in different platforms. This paper addresses the problem of secure information flow for Java bytecode. In information flow analysis one wishes to check if high security data can ever ...
Information flow analysis for java bytecode
VMCAI'05: Proceedings of the 6th international conference on Verification, Model Checking, and Abstract InterpretationWe present a flow and context sensitive compositional information flow analysis for full (mono-threaded) Java bytecode. We base our analysis on the transformation of the Java bytecode into a control-flow graph of basic blocks of code which makes ...
Data-Flow Based Analysis of Java Bytecode Vulnerability
WAIM '08: Proceedings of the 2008 The Ninth International Conference on Web-Age Information ManagementJava is widely used because its security and platform independence. Although Java's security model is designed for protecting users from untrusted sources, Java's security is not under fully control at the application level. A large number of Java ...