When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser, security problems may arise. Here we present a method to check illicit flows in Java bytecode, that exploits the type-level abstract interpretation of bytecode verification. We present an algorithm transforming a bytecode into another one that, when abstractly executed by the standard bytecode Verifier, reveals illicit information flows. We show an example of application of the method.
Using Standard Verifier to Check Secure Information Flow in Java Bytecode
BERNARDESCHI, CINZIA;DE FRANCESCO, NICOLETTA;LETTIERI, GIUSEPPE
2002-01-01
Abstract
When an applet is sent over the internet, Java Virtual Machine code is transmitted and remotely executed. Because untrusted code can be executed on the local computer running the web browser, security problems may arise. Here we present a method to check illicit flows in Java bytecode, that exploits the type-level abstract interpretation of bytecode verification. We present an algorithm transforming a bytecode into another one that, when abstractly executed by the standard bytecode Verifier, reveals illicit information flows. We show an example of application of the method.File in questo prodotto:
Non ci sono file associati a questo prodotto.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
