A static secure flow analyzer for a subset of Java
Loading...
Authors
Harvey, James D.
Subjects
Secure Flow Analysis
Type Inference
Program Certification
Information Flow
Protection
Type Inference
Program Certification
Information Flow
Protection
Advisors
Volpano, Dennis M.
Date of Issue
1998-03-01
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
en_US
Abstract
As the number of computers and computer systems in existence has grown over the past few decades, we have come to depend on them to maintain the security of private or sensitive information. The execution of a program may cause leaks of private or sensitive information from the computer. Static secure flow analysis is an attempt to detect these leaks prior to program execution. It is possible to analyze programs by hand, but this is often impractical for large programs. A better approach is to automate the analysis, which is what this thesis explores. We describe some previous research and give background information about secure flow analysis. A secure flow analyzer is presented. It implements a secure flow type inference algorithm, for a subset of Java 1.0.2, using a parser generator called Java Compiler Compiler (JavaCC). Semantic actions are inserted into a grammar specification to perform the secure flow analysis on a given program
Type
Thesis
Description
Series/Report No
Department
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funding
Format
xii, 85 p.;28 cm.
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.