Using Bytecode Instrumentation to Secure Information Flow in Multithreaded Java Applications

Author

Sharaf, Mohamed ; Jie Huang ; Chin-Tser Huang

Author_Institution

Dept. of Comput. Sci. & Eng., Univ. of South Carolina, Columbia, SC, USA

fYear

2013

fDate

8-11 July 2013

Firstpage

362

Lastpage

367

Abstract

Information leakage is considered one of the vulnerabilities that may exist in careless development of software applications or unreliable and untrusted COTS binaries. Providing security at the level of programming development is important because leaking sensitive information such as credit card number, cookies, passwords or SSN does not require a lot of bandwidth to get through. In this paper, we propose a Secure Information Flow for Multithreaded Java (SIF-MJ) model, to enforce security and enhance assurance in all information flows throughout the execution time of the application without violating any rules or properties of multithreaded application. SIF-MJ does not require modification on the underlying Java Virtual Machine (JVM), therefore our proposed model is applicable to the currently existing JVMs.

Keywords

Java; multi-threading; security of data; virtual machines; COTS binaries; JVM; Java virtual machine; SIF-MJ model; bytecode instrumentation; commercial off-the-shelf binaries; information leakage; secure information flow for multithreaded Java model; software applications; Computational modeling; Instruction sets; Instruments; Java; Runtime; Security; Unified modeling language; explicit flow; implicit flow; information flow control (IFC); information leakage; multithreaded application;

fLanguage

English

Publisher

ieee

Conference_Titel

Distributed Computing Systems Workshops (ICDCSW), 2013 IEEE 33rd International Conference on

Conference_Location

Philadelphia, PA

Print_ISBN

978-1-4799-3247-4

Type

conf

DOI

10.1109/ICDCSW.2013.15

Filename

6679915