Abstract. This paper contributes to the investigation of object-sensitive information flow properties for sequential Java, i.e., properties that take into account information leakage through objects, as opposed to primitive values. We present two improvements to a popular object-sensitive non-interference property. Both reduce the burden on analysis and monitoring tools. The second contribution is a formalization of this property in a program logic – JavaDL in our case – which allows using an existing tool without requiring program modification. The third contribution is a novel fine-grained specification methodology. In our approach, arbitrary JavaDL terms (read ‘side-effect-free Java expressions’) may be assigned a security level – in con...
A common theoretical assumption in the study of information flow security in Java-like languages is ...
We consider a sequential object-oriented language with pointers and mutable state, private fields an...
Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to...
Language-based information-flow security is concerned with specifying and enforcing security policie...
This thesis improves the current state of the art on information-flow control of interactive and obj...
It is a common practice to retrieve code from an outside source, execute it and return the result to...
Abstract: We present the JOANA (Java Object-sensitive ANAlysis) framework for information flow contr...
Contains fulltext : 29857.pdf (publisher's version ) (Open Access)Programs contain...
Security of Java programs is important as they can be executed in different platforms. This paper ad...
This paper explores information flow control in systems in which the security classes of data can va...
This paper explores information flow control in systems in which the security classes of data can v...
Much progress has recently been made on information flow control, enabling the enforcement of increa...
This work is organized in seven chapters. The introduction, Chapter 1, illus-trates the context and ...
In this thesis, the JavaDL logic is amended by a new modality for the verification of termination-in...
submitted to TOPLAS in September 2007Non-interference is a semantical condition on programs that gua...
A common theoretical assumption in the study of information flow security in Java-like languages is ...
We consider a sequential object-oriented language with pointers and mutable state, private fields an...
Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to...
Language-based information-flow security is concerned with specifying and enforcing security policie...
This thesis improves the current state of the art on information-flow control of interactive and obj...
It is a common practice to retrieve code from an outside source, execute it and return the result to...
Abstract: We present the JOANA (Java Object-sensitive ANAlysis) framework for information flow contr...
Contains fulltext : 29857.pdf (publisher's version ) (Open Access)Programs contain...
Security of Java programs is important as they can be executed in different platforms. This paper ad...
This paper explores information flow control in systems in which the security classes of data can va...
This paper explores information flow control in systems in which the security classes of data can v...
Much progress has recently been made on information flow control, enabling the enforcement of increa...
This work is organized in seven chapters. The introduction, Chapter 1, illus-trates the context and ...
In this thesis, the JavaDL logic is amended by a new modality for the verification of termination-in...
submitted to TOPLAS in September 2007Non-interference is a semantical condition on programs that gua...
A common theoretical assumption in the study of information flow security in Java-like languages is ...
We consider a sequential object-oriented language with pointers and mutable state, private fields an...
Common protection mechanisms fail to provide end-to-end security; programs with legitimate access to...