DocumentCode :
2416691
Title :
Using standard verifier to check secure information flow in Java bytecode
Author :
Bernardeschi, Cinzia ; De Francesco, Nicoletta ; Lettieri, Giuseppe
Author_Institution :
Dipt. di Ingegneria dell´´Informazione, Pisa Univ., Italy
fYear :
2002
fDate :
2002
Firstpage :
850
Lastpage :
855
Abstract :
When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser security problems may arise. We present a method to check illicit flows in Java bytecode, that exploits the type-level abstract interpretation of bytecode verification. We present an algorithm transforming a bytecode into another one that, when abstractly executed by the standard bytecode verifier, reveals illicit information flows. We show an example of application of the method
Keywords :
Java; formal verification; security of data; virtual machines; Internet; Java Virtual Machine code; Java bytecode; applet; bytecode verification; illicit flows; secure information flow; security problems; standard verifier; type-level abstract interpretation; untrusted code; web browser; Application software; Computer security; Data analysis; Data security; Information security; Internet; Java; Multilevel systems; Runtime; Virtual machining;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Software and Applications Conference, 2002. COMPSAC 2002. Proceedings. 26th Annual International
Conference_Location :
Oxford
ISSN :
0730-3157
Print_ISBN :
0-7695-1727-7
Type :
conf
DOI :
10.1109/CMPSAC.2002.1045113
Filename :
1045113
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2416691
بازگشت