Title :
Static analysis for computing escapability and mutability for Java components
Author :
Shi, Aiwu ; Naumovich, Gleb
Author_Institution :
Dept. of Comput. & Inf. Sci., Polytech. Univ., Brooklyn, NY, USA
fDate :
30 Sept.-1 Oct. 2005
Abstract :
A common theme in information security is protection of trusted software components against unauthorized access by untrusted users. In the context of distributed object technologies, such as Enterprise Java Beans, this means preventing leaks of sensitive information to untrusted users, as well as preventing untrusted users from modifying sensitive information. In this paper, we propose an approach for identification and classification of potentially sensitive information that can leak out of trusted software components to untrusted parties. Unlike the current approaches to securing information flow by extending the type system, our technique is based on static points-to, data- and control-dependence, and object mutability analyses.
Keywords :
Java; distributed object management; program diagnostics; security of data; Java components; control dependence; data dependence; distributed object technologies; escapability computing; information flow security; information security; mutability computing; object mutability analyses; sensitive information leakage; software component protection; static analysis; Application software; Control systems; Explosives; Information analysis; Information science; Information security; Java; Protection; Runtime; Taxonomy;
Conference_Titel :
Source Code Analysis and Manipulation, 2005. Fifth IEEE International Workshop on
Print_ISBN :
0-7695-2292-0
DOI :
10.1109/SCAM.2005.24
