Using Standard Verifier to Check Secure Information Flow in Java Bytecode

Cinzia Bernardeschi; Nicoletta De Francesco; Giuseppe Lettieri

doi:10.1109/CMPSAC.2002.1045113

Proceedings 26th Annual International Computer Software and Applications

Using Standard Verifier to Check Secure Information Flow in Java Bytecode

Year: 2002, Pages: 850

DOI Bookmark: 10.1109/CMPSAC.2002.1045113

Authors

Cinzia Bernardeschi, Università di Pisa
Nicoletta De Francesco, Università di Pisa
Giuseppe Lettieri, Università di Pisa

Abstract

When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser, security problems may arise. Here we present a method to check illicit flows in Java bytecode, that exploits the type-level abstract interpretation of bytecode verification. We present an algorithm transforming a bytecode into another one that, when abstractly executed by the standard bytecode Verifier, reveals illicit information flows. We show an example of application of the method.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

Dependence Analysis of Java Bytecode
Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000
Mobile Code Security by Java Bytecode Instrumentation
DARPA Information Survivability Conference and Exposition,
Retargetable Code Generator for Java Bytecode
High-Performance Computing in the Asia-Pacific Region, International Conference on
Dynamic Bytecode Usage by Object Oriented Java Programs
Proceedings of TOOLS Europe '99: Technology of Object Oriented Languages and Systems. 29th International Conference
An Evaluation of Current Java Bytecode Decompilers
2009 Ninth IEEE International Working Conference on Source Code Analysis and Manipulation
Toward a Provably-Correct Implementation of the JVM Bytecode Verifier
DARPA Information Survivability Conference and Exposition,
Reengineering Standard Java Runtime Systems through Dynamic Bytecode Instrumentation
Seventh IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007)
PicoJava: A Direct Execution Engine For Java Bytecode
Computer
MMT: Mutation Testing of Java Bytecode with Model Transformation
2023 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C)
Finding Source Code Clones in Intermediate Representations of Java Bytecode
2023 IEEE 17th International Workshop on Software Clones (IWSC)

Using Standard Verifier to Check Secure Information Flow in Java Bytecode

Authors

Abstract

Related Articles