Today, most mid-range mobile phones embed a Java runtime environment that can execute programs the user downloads over the network. This new functionality creates great opportunities for new services, but it also brings to the phone the full range of risks that existed on the personal computer. Telecommunication operators are the last guarantor of the quality of the software downloaded by their customers and might sign the applications they trust. Unfortunately, they have little evidence with which to check the quality of the contents of the jammed bytecode they receive from developers. The traditional evaluation process relies mostly on manual testing of the software on actual terminals, but this approach is not suited to security properties. MATOS (Midlet Analysis TOol Suite) is a static analysis tool that checks, directly on the compiled application, the possible values passed to some identified methods. It is used by the test teams of the mobile operator Orange to check what kinds of connections are opened by MIDP applications. We will present the security requirements we want to check, how MATOS helps to ensure them, and how the necessary analyses are performed using a combination of (rather) well-known analysis techniques.