Evaluation of Jif and Joana as Information Flow Analyzers in a Model-Driven Approach

Authors: Kuzman Katkalov, Peter Fischer, Kurt Stenzel, Nina Moebius, Wolfgang Reif

DOI: 10.1007/978-3-642-35890-6_13

Keywords: Information flow (information theory), SIMPLE (military communications protocol), Spectrum analyzer, Formal verification, Software engineering, Task (computing), Theoretical computer science, Control (management), Context (language use), Computer science, Java

Abstract: Checking for information leaks in real-world applications is a difficult task. IFlow is a model-driven approach which allows developers to develop flow-secure applications using intuitive modeling guidelines. It supports the automatic generation of partial Java code while also providing the developer with the ability to formally verify complex flow properties. To simplify formal verification, we integrate an application analyzer, allowing us to check simple noninterference properties. In this paper, we evaluate both Jif and Joana as such analyzers to determine the best-suited control tool in the context of, but not limited to, this approach.
