Title :
Qualitative and Quantitative Analysis of Information Leakage in Java Source Code
Author :
Chen, Bo ; Xu, Da-wei ; Yu, Ling
Author_Institution :
Dept. of Comput. Sci., Nanjing Normal Univ., Nanjing
Abstract :
Java is a type-safe language that introduces access control mechanisms at the bytecode and application layers to protect system resources and the runtime environment from malicious code. However, in some information systems, information leakage is due not to flaws in the security model but to the absence of an information flow control policy and of its implementation in the source code. It is therefore necessary to analyze how information leaks through source code. This paper surveys information leakage in Java source code by qualitative analysis and, after defining the conditional information entropy of variables, gives a quantitative analysis of information leakage in code. Finally, language-based software security research, a new direction in the development of highly trusted software, is introduced.
Keywords :
Java; security of data; source coding; Java; access control mechanism; high trusted software; information leakage; malicious code; qualitative analysis; quantitative analysis; software security; Access control; Application software; Computer networks; Computer security; Data security; Information analysis; Information security; Information systems; Java; Memory management; Java; covert channel; entropy; information leakage; software security; source code;
Conference_Title :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.317