Information Flow Analysis for Java Bytecode
نویسندگان
چکیده
We present a context-sensitive compositional analysis of information flow for full (mono-threaded) Java bytecode. Our idea consists in transforming the Java bytecode into a control-flow graph of basic blocks of code such that the complex features of the Java bytecode made explicit. The analysis is based on modeling the information flow dependencies with Boolean functions which leads to an accurate analysis and efficient implementation which uses Binary Decision Diagrams to manipulate Boolean functions. To the best of our knowledge, it is the first implementation of an analysis of information flow for the full Java bytecode. The work is still in progress but it is already support a quite large portion of the Java bytecode which includes exceptions and the subroutine handling mechanism.
منابع مشابه
Java Bytecode Dependence Analysis for Secure Information Flow
Java programs can be transmitted and executed on another host in bytecode format, thus the sensitive information of the host may be leaked via these assembly-like programs. Information flow policy can ensure data confidentiality, however, conventional information flow analysis mainly focused on the programs written in high-level programming languages and is generally performed by type checking ...
متن کاملData-flow Based Vulnerability Analysis and Java Bytecode
The security of information systems has been the focus because of network applications. Vulnerability analysis is widely used to evaluate the security of a system to assure system security. With the help of vulnerability analysis, the security risk of a system can be predicted so that the countermeasures are arranged in advance. These will promote system security effectively. The object of vuln...
متن کاملJCSI: A tool for checking secure information flow in Java Card applications
This paper describes a tool for checking secure information flow in Java Card applications. The tool performs a static analysis of Java Card CAP files and includes a CAP viewer. The analysis is based on the theory of abstract interpretation and on a multi-level security policy assignment. Actual values of variables are abstracted into security levels, and bytecode instructions are executed over...
متن کاملChecking secure information flow in Java bytecode by code transformation and standard bytecode verification
A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error d...
متن کاملUsing Standard Verifier to Check Secure Information Flow in Java Bytecode
When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser, security problems may arise. Here we present a method to check illicit ows in Java bytecode, that exploits the type-level abstract interpretation of bytecode veri cation. We present an algorithm transformi...
متن کامل