Using Standard Verifier to Check Secure Information Flow in Java Bytecode

Authors:
Cinzia Bernardeschi;Nicoletta De Francesco;Giuseppe Lettieri
Affiliations:
-;-;-
Venue:
COMPSAC '02 Proceedings of the 26th International Computer Software and Applications Conference on Prolonging Software Life: Development and Redevelopment
Year:
2002

Citing 0
Cited 1

Checking secure information flow in java bytecode by code transformation and standard bytecode verification

Software—Practice & Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser, security problems may arise. Here we present a method to check illicit flows in Java bytecode, that exploits the type-level abstract interpretation of bytecode verification. We present an algorithm transforming a bytecode into another one that, when abstractly executed by the standard bytecode Verifier, reveals illicit information flows. We show an example of application of the method.