Title :
Secure Information Flow in Java via Reachability Analysis of Pushdown System
Author :
Sun, Cong ; Tang, Liyong ; Chen, Zhong
Author_Institution :
Inst. of Software, Peking Univ., Beijing, China
Abstract :
Automated verification of noninterference is commonly considered more precise than type-based approach on enforcing secure information flow for program. We propose an approach on model checking symbolic pushdown system generated from Java bytecode, and develop a deployment-time verification framework to ensure noninterference of bytecode. In order to overcome the constraints brought by the nature of object-oriented language and application scenario, we extend self-composition to low-recorded self-composition to reduce the partial correctness judgements on safety property to reachability analysis. In this variation, meta-level indices of heap are recorded into the self-composed pushdown system for the construction of auxiliary interleaving assignments and branch condition to illegal-flow state. Our experiments show that the approach is more scalable than previous work based on automated verification.
Keywords :
Java; formal verification; object-oriented languages; reachability analysis; security of data; Java bytecode; auxiliary interleaving assignments; deployment time verification framework; low recorded self-composition; model checking symbolic pushdown system; noninterference automated verification; object-oriented language; partial correctness judgements reduction; reachability analysis; secure information flow; self-composed pushdown system; Analytical models; Indexes; Java; Object oriented modeling; Reachability analysis; Security; Software; information flow; noninterference; pushdown system; reachability analysis; self-composition;
Conference_Titel :
Quality Software (QSIC), 2010 10th International Conference on
Conference_Location :
Zhangjiajie
Print_ISBN :
978-1-4244-8078-4
Electronic_ISBN :
1550-6002
DOI :
10.1109/QSIC.2010.50
