Type-based information flow analysis for bytecode languages with variable object field policies

Francisco Bavera, Eduardo Bonelli

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Static, type-based information flow analysis techniques targeted at Java and JVM-like code typically assume a global security policy on object fields: all fields are assigned a fixed security level. In essence they are treated as standard variables. However different objects may be created under varying security contexts, particularly for widely used classes such as wrapper or collection classes. This entails an important loss in precision of the analysis. We present a flowsensitive type system for statically detecting illegal flows of information in a JVM-like language that allows the level of a field to vary at different object creation points. Also, we prove a noninterference result for this language.

Original languageEnglish
Title of host publicationProceedings of the 23rd Annual ACM Symposium on Applied Computing, SAC'08
Number of pages5
StatePublished - 2008
Event23rd Annual ACM Symposium on Applied Computing, SAC'08 - Fortaleza, Ceara, Brazil
Duration: Mar 16 2008Mar 20 2008

Publication series

NameProceedings of the ACM Symposium on Applied Computing


Conference23rd Annual ACM Symposium on Applied Computing, SAC'08
CityFortaleza, Ceara

ASJC Scopus subject areas

  • Software

Cite this