ACM Letters on Programming Languages and Systems (LOPLAS)
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow inference for free
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
A sound type system for secure flow analysis
Journal of Computer Security
An Axiomatic Approach to Information Flow in Programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certification of programs for secure information flow
Communications of the ACM
Standard fixpoint iteration for Java bytecode verification
ACM Transactions on Programming Languages and Systems (TOPLAS)
Checking security of Java bytecode by abstract interpretation
Proceedings of the 2002 ACM symposium on Applied computing
Abstract interpretation of operational semantics for secure information flow
Information Processing Letters
VMCAI '02 Revised Papers from the Third International Workshop on Verification, Model Checking, and Abstract Interpretation
Compile-Time Detection of Information Flow in Sequential Programs
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Byte Code Verification for Java Smart Card Based on Model Checking
ESORICS '98 Proceedings of the 5th European Symposium on Research in Computer Security
Checking Secure Interactions of Smart Card Applets
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Statically checking confidentiality via dynamic labels
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Efficient type inference for secure information flow
Proceedings of the 2006 workshop on Programming languages and analysis for security
Instruction-level security analysis for information flow in stack-based assembly languages
Information and Computation
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Integrating hardware and software information flow analyses
Proceedings of the 2009 ACM SIGPLAN/SIGBED conference on Languages, compilers, and tools for embedded systems
Secure Method Calls by Instrumenting Bytecode with Aspects
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
An information flow verifier for small embedded systems
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
A sound analysis for secure information flow using abstract memory graphs
FSEN'09 Proceedings of the Third IPM international conference on Fundamentals of Software Engineering
Load time security verification
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
JCSI: A tool for checking secure information flow in Java Card applications
Journal of Systems and Software
Static vulnerability detection in Java service-oriented components
Journal in Computer Virology
| Hi-index | 0.00 |
Security of Java programs is important as they can be executed in different platforms. This paper addresses the problem of secure information flow for Java bytecode. In information flow analysis one wishes to check if high security data can ever propagate to low security observers. We propose a static analysis similar to the type-level abstract interpretation used for standard bytecode verification. Instead of types, our technique works with secrecy levels assigned to classes, methods' parameters and returned values, and handles implicit information flows. A verification tool based on the proposed technique is under development. Using the tool, programs downloaded from untrusted hosts can be checked locally prior to executing them.