Blogs (61) >>
Tue 17 Jul 2018 14:00 - 14:30 at Bangkok - Session 2 Chair(s): Frank S. de Boer

Software testing is the most commonly used technique in the industry to certify the correctness of software, including security properties like access control and data privacy. However, information flow control and the detection of information leaks using tests, without the use of specialized monitoring and assessment tools, is a demanding task.

In this paper, we tackle the challenge of dynamically tracking information flow in third-party Java-based applications, using dependent security levels. Dependent levels increase the expressiveness of traditional information flow control by parametrizing levels with context-related information and allowing for more detailed and fine-grained policies.

We present ongoing work on a specification and instrumentation approach for rewriting JVM compiled code with in-lined reference monitors. Our prototype works at the level of the single-static assignment SOOT intermediate language Shimple. We illustrate the approach with an example and present a working tool.

Tue 17 Jul

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:00 - 15:30
Session 2VORTEX at Bangkok
Chair(s): Frank S. de Boer Centrum Wiskunde & Informatica, Leiden University
14:00
30m
Talk
SNITCH: dynamic dependent Information flow for independent Java bytecode
VORTEX
P: Eduardo Geraldo , João Costa Seco NOVA LINCS -- Universidade Nova de Lisboa
14:30
30m
Talk
Implementing security protocol monitors
VORTEX
15:00
30m
Talk
On Distributed runtime verification by aggregate computing
VORTEX
Giorgio Audrito Università di Torino, P: Ferruccio Damiani University of Turin, Volker Stolz Høgskulen på Vestlandet, Mirko Viroli University of Bologna