Title :
Abstract interpretation for mobile code security
Author :
Lu, Dan ; Nakayama, Ken ; Kobayashi, Yoshitake ; Maekawa, Mamoru
Author_Institution :
Graduate Sch. of Inf. Syst., Univ. of Electro-Commun., Tokyo, Japan
Abstract :
To resolve the security problems of Java mobile code, we adapted the technique of type-level abstract interpretation to verify the security of mobile code statically. Instead of data types, the mobile code is executed abstractly at the level of security-level in our approach. Based on maintaining a distribution map of security-levels of the data in mobile code´s data containers, our approach detects data-leaking just before the mobile code tries to send sensitive data out of the host. By this way our approach could make less misjudgment that verifies secure mobile programs as malicious and be more efficient than the works in Bernardeschi C et al, (2002) and Avvenuti, M et al, (2003).
Keywords :
Java; distributed programming; security of data; Java mobile code security problems; abstract interpretation; data-leak detection; mobile code data containers; mobile code security; security-level distribution map; type-level abstract interpretation; Access control; Algorithms; Authentication; Containers; Data security; Information security; Information systems; Java; Mobile computing; Protection;
Conference_Titel :
Communications and Information Technology, 2005. ISCIT 2005. IEEE International Symposium on
Print_ISBN :
0-7803-9538-7
DOI :
10.1109/ISCIT.2005.1567061
