Blogs (61) >>
ECOOP and ISSTA
Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands
Tue 17 Jul 2018 14:00 - 14:30 at Bangkok - Session 2 Chair(s): Frank S. de Boer

Software testing is the most commonly used technique in the industry to certify the correctness of software, including security properties like access control and data privacy. However, information flow control and the detection of information leaks using tests, without the use of specialized monitoring and assessment tools, is a demanding task.

In this paper, we tackle the challenge of dynamically tracking information flow in third-party Java-based applications, using dependent security levels. Dependent levels increase the expressiveness of traditional information flow control by parametrizing levels with context-related information and allowing for more detailed and fine-grained policies.

We present ongoing work on a specification and instrumentation approach for rewriting JVM compiled code with in-lined reference monitors. Our prototype works at the level of the single-static assignment SOOT intermediate language Shimple. We illustrate the approach with an example and present a working tool.

Tue 17 Jul

vortex-2018-papers
14:00 - 15:30: VORTEX - Session 2 at Bangkok
Chair(s): Frank S. de BoerCentrum Wiskunde & Informatica, Leiden University
vortex-2018-papers14:00 - 14:30
Talk
Eduardo Geraldo, João Costa SecoNOVA LINCS -- Universidade Nova de Lisboa
vortex-2018-papers14:30 - 15:00
Talk
vortex-2018-papers15:00 - 15:30
Talk
Giorgio AudritoUniversità di Torino, Ferruccio DamianiUniversity of Turin, Volker StolzHøgskulen på Vestlandet, Mirko ViroliUniversity of Bologna