Marco Avvenuti
Abstract
Security of Java programs is important as they can be executed in different platforms. This paper addresses the problem of secure information flow for Java bytecode. In information flow analysis one wishes to check if high security data can ever propagate to low security observers. We propose a static analysis similar to the type-level abstract interpretation used for standard bytecode verification. Instead of types, our technique works with secrecy levels assigned to classes, methods' parameters and returned values, and handles implicit information flows. A verification tool based on the proposed technique is under development. Using the tool, programs downloaded from untrusted hosts can be checked locally prior to executing them.
- M. Abadi, A. Banerjee, N. Heintze, and J. Riecke. A core calculus of dependency. In 26th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Proceedings, pages 147--160. Texas, Usa, 1999.]] Google Scholar
Digital Library
- G. R. Andrews and R. P. Reitman. An axiomatic approach to information flow in programs. ACM Trans. Program. Lang. Syst., 2(1):56--76, 1980.]] Google ScholarDigital Library
- T. Ball. What's in a region? or computing control dependence regions in near-linear time for reducible control flow. ACM Letters on Program. Lang. Syst., 2(1--4):1--16, 1993.]] Google ScholarDigital Library
- J. Banatre, C. Bryce, and D. L. Métayer. Compile-time detection of information flow in sequential programs. LNCS, 875:55--73, 1994.]] Google ScholarDigital Library
- R. Barbuti, C. Bernardeschi, and N. D. Francesco. Abstract interpretation of operational semantics for secure information flow. Information Processing Letters, 83(2):101--108, 2002.]] Google ScholarDigital Library
- R. Barbuti, C. Bernardeschi, and N. D. Francesco. Checking security of java bytecode by abstract interpretation. In The 17th ACM Symposium on Applied Computing: Special Track on Computer Security Proceedings. Madrid, March 2002.]] Google ScholarDigital Library
- C. Bernardeschi and N. D. Francesco. Combining abstract interpretation and model checking for analysing security properties of java bytecode. In Third International Workshop on Verification, Model Checking and Abstract Interpretation Proceedings, pages 1--15. LNCS 2294, Venice, January 2002.]] Google ScholarDigital Library
- C. Bernardeschi, N. D. Francesco, and G. Lettieri. An abstract semantics tool for secure information flow of stack-based assembly programs. Microprocessors and Microsystems, 26(8):391--398, 2002.]]Google ScholarCross Ref
- P. Bieber, J. Cazin, P. Girard, J.-L. Lanet, V. Wiels, and G. Zanon. Checking secure interactions of smart card applets. In ESORICS 2000 Proceedings, 2000.]] Google ScholarDigital Library
- D. E. Denning and P. J. Denning. Certification of programs for secure information flow. Comm. ACM, 20(7):504--513, 1977.]] Google ScholarDigital Library
- X. Leroy. Java bytecode verification: an overview. In 13th International Conference on Computer Aided Verification, LNCS 2102, Proceedings, pages 265--285, July 2001.]] Google ScholarDigital Library
- M. Mizuno and D. A. Schmidt. A security flow control algorithm and its denotational semantics correctness proof. Formal Aspects of Computing, 4:727--754, 1992.]]Google ScholarCross Ref
- J. Possegga and H. Vogt. Bytecode verification for java smartcards based on model checking. In ESORICS 98 Proceedings, 1998.]] Google ScholarDigital Library
- F. Pottier and S. Conchon. Information flow inference for free. In ACM ICFP'00 Proceedings, pages 46--57, 2000.]] Google ScholarDigital Library
- Z. Qian. Standard fixpoint iteration for java bytecode verification. ACM Transactions on Programming Languages and Systems, 22(4):638--672, 2000.]] Google ScholarDigital Library
- E. Rose and K. Rose. Lightweight bytecode verification. In WFUJ 98 Proceedings, 1998.]]Google Scholar
- A. Sabelfeld and D. Sands. A per model of secure information flow in sequential programs. LNCS, 1576:40--58, 1996.]] Google ScholarDigital Library
- L. T. and F. Yellin. The Java virtual machine specification. Addison-Wesley Publishing Company, Reading, Massachusetts, 1996.]]Google Scholar
- D. Volpano, G. Smith, and C. Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167--187, 1996.]] Google ScholarDigital Library
- S. Zdancewic and A. Myers. Secure information flow and cps. LNCS, 2028:46--61, 2001.]] Google ScholarDigital Library
Index Terms
- Java bytecode verification for secure information flow
Recommendations
Checking secure information flow in java bytecode by code transformation and standard bytecode verification
A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type-level abstract interpretation of standard bytecode verification ...
Java bytecode verification on Java cards
SAC '04: Proceedings of the 2004 ACM symposium on Applied computingA Java program is usually translated into an intermediate language, known as Java Virtual Machine Language (JVML), which is then executed by a Java Virtual Machine (JVM). Before its execution a JVML program is verified to prevent a wide range of run-...
From CIL to Java bytecode: Semantics-based translation for static analysis leveraging
Highlights- A formal translation of CIL (.Net) bytecode into Java bytecode is introduced and proved sound w.r.t. the language semantics
AbstractA formal translation of CIL (i.e., .Net) bytecode into Java bytecode is introduced and proved sound with respect to the language semantics. The resulting code is then analyzed with Julia, an industrial static analyzer of Java bytecode. ...
Comments