SNITCH: dynamic dependent Information flow for independent Java bytecode
Software testing is the most commonly used technique in the industry to certify the correctness of software, including security properties like access control and data privacy. However, information flow control and the detection of information leaks using tests, without the use of specialized monitoring and assessment tools, is a demanding task.
In this paper, we tackle the challenge of dynamically tracking information flow in third-party Java-based applications, using dependent security levels. Dependent levels increase the expressiveness of traditional information flow control by parametrizing levels with context-related information and allowing for more detailed and fine-grained policies.
We present ongoing work on a specification and instrumentation approach for rewriting JVM compiled code with in-lined reference monitors. Our prototype works at the level of the single-static assignment SOOT intermediate language Shimple. We illustrate the approach with an example and present a working tool.
Tue 17 JulDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
14:00 - 15:30 | Session 2VORTEX at Bangkok Chair(s): Frank S. de Boer Centrum Wiskunde & Informatica, Leiden University | ||
14:00 30mTalk | SNITCH: dynamic dependent Information flow for independent Java bytecode VORTEX | ||
14:30 30mTalk | Implementing security protocol monitors VORTEX | ||
15:00 30mTalk | On Distributed runtime verification by aggregate computing VORTEX Giorgio Audrito Università di Torino, P: Ferruccio Damiani University of Turin, Volker Stolz Høgskulen på Vestlandet, Mirko Viroli University of Bologna | ||