Title :
Using Bytecode Instrumentation to Secure Information Flow in Multithreaded Java Applications
Author :
Sharaf, Mohamed ; Jie Huang ; Chin-Tser Huang
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of South Carolina, Columbia, SC, USA
Abstract :
Information leakage is considered one of the vulnerabilities that may exist in careless development of software applications or unreliable and untrusted COTS binaries. Providing security at the level of programming development is important because leaking sensitive information such as credit card number, cookies, passwords or SSN does not require a lot of bandwidth to get through. In this paper, we propose a Secure Information Flow for Multithreaded Java (SIF-MJ) model, to enforce security and enhance assurance in all information flows throughout the execution time of the application without violating any rules or properties of multithreaded application. SIF-MJ does not require modification on the underlying Java Virtual Machine (JVM), therefore our proposed model is applicable to the currently existing JVMs.
Keywords :
Java; multi-threading; security of data; virtual machines; COTS binaries; JVM; Java virtual machine; SIF-MJ model; bytecode instrumentation; commercial off-the-shelf binaries; information leakage; secure information flow for multithreaded Java model; software applications; Computational modeling; Instruction sets; Instruments; Java; Runtime; Security; Unified modeling language; explicit flow; implicit flow; information flow control (IFC); information leakage; multithreaded application;
Conference_Titel :
Distributed Computing Systems Workshops (ICDCSW), 2013 IEEE 33rd International Conference on
Conference_Location :
Philadelphia, PA
Print_ISBN :
978-1-4799-3247-4
DOI :
10.1109/ICDCSW.2013.15
