@InProceedings{BeckertBrunsKlebanovEA2013,
author = {Bernhard Beckert and Daniel Bruns and Vladimir Klebanov
and Christoph Scheben and Peter H. Schmitt and Mattias
Ulbrich},
title = {Information Flow in Object-Oriented Software},
booktitle = {23rd International Symposium on Logic-Based Program
Synthesis and Transformation ({LOPSTR} 2013), Revised
Selected Papers},
editor = {Gopal Gupta and Ricardo Pe{\~n}a},
language = {english},
year = {2013},
month = sep,
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = {8901},
pages = {19--37},
doi = {10.1007/978-3-319-14125-1_2},
isbn = {978-3-319-14125-1},
abstract = {This paper contributes to the investigation of
object-sensitive information-flow properties for sequential
Java, i.e., properties that take into account information
leakage through objects, as opposed to primitive values. We
present two improvements to a popular object-sensitive
non-interference property. Both reduce the burden on
analysis and monitoring tools. The second contribution is a
formalization of this property in a program logic -- JavaDL
in our case -- which allows using an existing tool without
requiring program modification. The third contribution is a
novel fine-grained specification methodology. In our
approach, arbitrary JavaDL terms (read side-effect-free
Java expressions) may be assigned a security level -- in
contrast to security labels being attached to fields and
variables only.}
}
Information Flow in Object-Oriented Software
| Autor(en): | Bernhard Beckert, Daniel Bruns, Vladimir Klebanov, Christoph Scheben, Peter H. Schmitt und Mattias Ulbrich |
|---|---|
| In: | 23rd International Symposium on Logic-Based Program Synthesis and Transformation (LOPSTR 2013), Revised Selected Papers |
| Verleger: | Springer |
| Reihe: | Lecture Notes in Computer Science |
| Band: | 8901 |
| Jahr: | 2013 |
| Seiten: | 19-37 |
| DOI: | 10.1007/978-3-319-14125-1_2 |
Abstract
This paper contributes to the investigation of object-sensitive information-flow properties for sequential Java, i.e., properties that take into account information leakage through objects, as opposed to primitive values. We present two improvements to a popular object-sensitive non-interference property. Both reduce the burden on analysis and monitoring tools. The second contribution is a formalization of this property in a program logic – JavaDL in our case – which allows using an existing tool without requiring program modification. The third contribution is a novel fine-grained specification methodology. In our approach, arbitrary JavaDL terms (read side-effect-free Java expressions) may be assigned a security level – in contrast to security labels being attached to fields and variables only.