Improving Data Integrity with a Java Mutability Analysis

Author

Shi, Aiwu ; Naumovich, Gleb

Author_Institution

Polytech. Univ., Brooklyn

fYear

2007

fDate

4-7 Dec. 2007

Firstpage

135

Lastpage

142

Abstract

This paper presents a static mutability analysis approach relying on escape information for Java components and uses the techniques to detect the security threats to data integrity before software components are deployed. In order to increase the precision of our analysis, we make a couple of significant modifications to mutability definitions based on previous work in the context of components. We extended our security analysis tool SecDetector with proposed mutability analysis, and used it to find potential threats to data integrity in Java components and lead developers to fix the security flaws. On the benchmarks in our experimental evaluation, we show that our tool can correctly find potential modification access violations with few false positives and provide evidence of the effectiveness of our techniques. While the analysis techniques are in the context of Java code, the basic concepts are applicable to other object-oriented programming languages as well.

Keywords

Java; data integrity; security of data; Java mutability analysis; SecDetector security analysis tool; data integrity; object-oriented programming languages; potential modification access violations; security threats; software components; Accidents; Computer security; Data security; Information analysis; Information science; Information security; Java; Object oriented programming; Packaging; Software engineering;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Engineering Conference, 2007. APSEC 2007. 14th Asia-Pacific

Conference_Location

Aichi

ISSN

1530-1362

Print_ISBN

0-7695-3057-5

Type

conf

DOI

10.1109/ASPEC.2007.23

Filename

4425847