Automated Analysis of Java Methods for Confidentiality

We address the problem of analyzing programs such as J2ME midlets for mobile devices, where a central correctness requirement concerns confidentiality of data that the user wants to keep secret. Existing software model checking tools analyze individual program executions, and are not applicable to checking confidentiality properties that require reasoning about equivalence among executions. We develop an automated analysis technique for such properties. We show that both overand underapproximation is needed for sound analysis. Given a program and a confidentiality requirement, our technique produces a formula that is satisfiable if the requirement holds. We evaluate the approach by analyzing bytecode of a set of Java ( J2ME) methods. Disciplines Computer Sciences Comments From the 21st International Conference, CAV 2009, Grenoble, France, June 26 July 2, 2009. This conference paper is available at ScholarlyCommons: http://repository.upenn.edu/cis_papers/550 Automated Analysis of Java Methods for Confidentiality Pavol Černý and Rajeev Alur University of Pennsylvania {cernyp,alur}@cis.upenn.edu Abstract. We address the problem of analyzing programs such as J2ME We address the problem of analyzing programs such as J2ME midlets for mobile devices, where a central correctness requirement concerns confidentiality of data that the user wants to keep secret. Existing software model checking tools analyze individual program executions, and are not applicable to checking confidentiality properties that require reasoning about equivalence among executions. We develop an automated analysis technique for such properties. We show that both overand underapproximation is needed for sound analysis. Given a program and a confidentiality requirement, our technique produces a formula that is satisfiable if the requirement holds. We evaluate the approach by analyzing bytecode of a set of Java (J2ME) methods.