Automated Analysis of Java Methods for Confidentiality

Summary: Automated Analysis of Java Methods for
Pavol Černý and Rajeev Alur
University of Pennsylvania
Abstract. We address the problem of analyzing programs such as J2ME midlets for mobile devices, where a central correctness requirement concerns confidentiality of data that the user wants to keep secret. Existing software model checking tools analyze individual program executions, and are not applicable to checking confidentiality properties that require reasoning about equivalence among executions. We develop an automated analysis technique for such properties. We show that both over- and under-approximation is needed for sound analysis. Given a program and a confidentiality requirement, our technique produces a formula that is satisfiable if the requirement holds. We evaluate the approach by analyzing bytecode of a set of Java (J2ME) methods.
1 Introduction
Security properties based on information flow, such as confidentiality, are increasingly becoming a concern in software development [28]. This motivates research in verification techniques for establishing that a given program preserves confi-


Source: Alur, Rajeev - Department of Computer and Information Science, University of Pennsylvania


Collections: Computer Technologies and Information Sciences