Type-based information flow analysis for bytecode languages with variable object field policies

Francisco Bavera, Eduardo Bonelli

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Static, type-based information flow analysis techniques targeted at Java and JVM-like code typically assume a global security policy on object fields: all fields are assigned a fixed security level. In essence they are treated as standard variables. However different objects may be created under varying security contexts, particularly for widely used classes such as wrapper or collection classes. This entails an important loss in precision of the analysis. We present a flowsensitive type system for statically detecting illegal flows of information in a JVM-like language that allows the level of a field to vary at different object creation points. Also, we prove a noninterference result for this language.

Original languageEnglish
Title of host publicationProceedings of the 23rd Annual ACM Symposium on Applied Computing, SAC'08
Pages347-351
Number of pages5
DOIs
StatePublished - 2008
Event23rd Annual ACM Symposium on Applied Computing, SAC'08 - Fortaleza, Ceara, Brazil
Duration: Mar 16 2008Mar 20 2008

Publication series

NameProceedings of the ACM Symposium on Applied Computing

Conference

Conference23rd Annual ACM Symposium on Applied Computing, SAC'08
Country/TerritoryBrazil
CityFortaleza, Ceara
Period3/16/083/20/08

ASJC Scopus subject areas

  • Software

Cite this