Information Flow in Object-Oriented Software
Beckert, Bernhard
; Bruns, Daniel; Klebanov, Vladimir; Scheben, Christoph; Schmitt, Peter H.; Ulbrich, Mattias
; Bruns, Daniel; Klebanov, Vladimir; Scheben, Christoph; Schmitt, Peter H.; Ulbrich, Mattias
Abstract:
This paper contributes to the investigation of object-sensitive information-flow properties for sequential Java, i.e., properties that take into account information leakage through objects, as opposed to primitive values. We present two improvements to a popular object-sensitive non-interference property. Both reduce the burden on analysis and monitoring tools. The second contribution is a formalization of this property in a program logic -- JavaDL in our case -- which allows using an existing tool without requiring program modification. The third contribution is a novel fine-grained specification methodology. In our approach, arbitrary JavaDL terms (read side-effect-free Java expressions) may be assigned a security level -- in contrast to security labels being attached to fields and variables only.
| Zugehörige Institution(en) am KIT | Institut für Theoretische Informatik (ITI) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2013 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000036851 |
| HGF-Programm | 46.12.03 (POF II, LK 01) |
| Erschienen in | Logic-Based Program Synthesis and Transformation, LOPSTR 2013, Madrid, Spain, September 16-18, 2013 [Konferenz]. Ed.: G. Gupta |
| Verlag | Universidad |
| Seiten | 15-32 |
| Projektinformation | KASTEL I (BMFTR, 01BY1172 / 16BY1172) |
| Schlagwörter | kastel |