Automated Analysis of Java Methods for Confidentiality
 

Summary: Automated Analysis of Java Methods for Confidentiality
Pavol Černý and Rajeev Alur
University of Pennsylvania
{cernyp,alur}@cis.upenn.edu
Abstract. We address the problem of analyzing programs such as J2ME midlets for mobile devices, where a central correctness requirement concerns confidentiality of data that the user wants to keep secret. Existing software model checking tools analyze individual program executions, and are not applicable to checking confidentiality properties that require reasoning about equivalence among executions. We develop an automated analysis technique for such properties. We show that both over- and under-approximation is needed for sound analysis. Given a program and a confidentiality requirement, our technique produces a formula that is satisfiable if the requirement holds. We evaluate the approach by analyzing bytecode of a set of Java (J2ME) methods.
1 Introduction
Security properties based on information flow, such as confidentiality, are increasingly becoming a concern in software development [28]. This motivates research in verification techniques for establishing that a given program preserves confi-

  

Source: Alur, Rajeev - Department of Computer and Information Science, University of Pennsylvania

 

Collections: Computer Technologies and Information Sciences