Using JOANA for Information Flow Control in Java Programs - A Practical Guide
نویسندگان
چکیده
We present the JOANA (Java Object-sensitive ANAlysis) framework for information flow control (IFC) of Java programs. JOANA can analyze a given Java program and guarantee the absence of security leaks, e.g. that a online banking application does not send sensitive information to third parties. It applies a wide range of program analysis techniques such as dependence graph computation, slicing and chopping of sequential as well as concurrent programs. We introduce the Java Web Start application IFC Console and show how it can be used to apply JOANA to arbitrary programs in order to specify and verify security properties.
منابع مشابه
Slicing of Concurrent Programs and its Application to Information Flow Control
Information flow control is concerned with the security of sensitive information being processed by a software. It aims to ensure that software does not leak rightfully accessed sensitive information to unauthorized sinks or taints it with data from unauthorized sources during its computations. It can be used supplementary to established security techniques like access control or encryption to ...
متن کاملInformation Flow Control with System Dependence Graphs - Improving Modularity, Scalability and Precision for Object Oriented Languages
This work is concerned with the field of static program analysis —in particular with analyses aimed to guarantee certain security properties of programs, like confidentiality and integrity. Our approach uses socalled dependence graphs to capture the program behavior as well as the information flow between the individual program points. Using this technique, we can guarantee for example that a p...
متن کاملChecking probabilistic noninterference using JOANA
JOANA is a tool for software security analysis, checking up to 100kLOC of full multi-threaded Java. JOANA is based on sophisticated program analysis techniques and thus very precise. It includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations and has a nice GUI. The tool is open source and was applied in several case studies. The article pres...
متن کاملTool Demonstration: JOANA
JOANA is a tool for information flow control, which can handle full Java with unlimited threads and scales to ca. 100kLOC. JOANA uses a new algorithm for checking probabilistic noninterference, named RLSOD. JOANA uses a stack of sophisticated program analysis techniques which minimise false alarms. JOANA is open source (joana.ipd.kit.edu) and offers an Eclipse GUI as well as an API. The current...
متن کاملProgramming With Information Flow-Control
We informally introduce here the information flow-control domain. We then present two theoretical layouts for developping programming language with information flow-control. The approach is semantic-based and allows programs to be statically type-checked. We then consider its practical use, through the so-called Paragon language, extending Java in a user-friendly way. We’ll be especially inters...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013