Using JOANA for information flow control in Java programs - A practical guide
Abstract
We present the JOANA (Java Object-sensitive ANAlysis) framework for information flow control (IFC) of Java programs. JOANA can analyze a given Java program and guarantee the absence of security leaks, e.g. that a online banking application does not send sensitive information to third parties. It applies a wide range of program analysis techniques such as dependence graph computation, slicing and chopping of sequential as well as concurrent programs. We introduce the Java Web Start application IFC Console and show how it can be used to apply JOANA to arbitrary programs in order to specify and verify security properties.
- Citation
- BibTeX
Graf, J., Hecker, M. & Mohr, M.,
(2013).
Using JOANA for information flow control in Java programs - A practical guide.
In:
Wagner, S. & Lichter, H.
(Hrsg.),
Software Engineering 2013 - Workshopband.
Bonn:
Gesellschaft für Informatik e.V..
(S. 123-138).
@inproceedings{mci/Graf2013,
author = {Graf, Jürgen AND Hecker, Martin AND Mohr, Martin},
title = {Using JOANA for information flow control in Java programs - A practical guide},
booktitle = {Software Engineering 2013 - Workshopband},
year = {2013},
editor = {Wagner, Stefan AND Lichter, Horst} ,
pages = { 123-138 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
author = {Graf, Jürgen AND Hecker, Martin AND Mohr, Martin},
title = {Using JOANA for information flow control in Java programs - A practical guide},
booktitle = {Software Engineering 2013 - Workshopband},
year = {2013},
editor = {Wagner, Stefan AND Lichter, Horst} ,
pages = { 123-138 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback
More Info
ISBN: 978-3-88579-609-1
ISSN: 1617-5468
xmlui.MetaDataDisplay.field.date: 2013
Language:
(en)

Content Type: Text/Conference Paper