Monitoring explicit information flow using Java byte-code instrumentation

Computer systems are verified to check the correctness or validated to check the performance of the software system with respect to specific security properties such as Integrity, Availability and Confidentiality. that is made available by the end users of the software is achievable only to a limited degree using static verification techniques. The more sensitive the information, such as credit card data, government intelligence or personal medical information being processed by software, the more important it is to ensure the confidentiality of this information. Monitoring untrusted programs during execution in an environment where sensitive information is present is difficult and unnerving. The issues is how to control the confidential information flow during untrusted program execution. In this paper we present one component of our novel framework for supporting user interaction with running program to modify the way information flow or to change program behaviour. We present prototype of our runtime verification framework of controlling information flow with more focus on Assertion points.