[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Runtime info flow in Java




Hi!

I'm presenting my licentiate research proposal
next week, and I thought that some of you might
find it interesting. I'd like to find others
that are working with similar projects, to have
some people to discuss with.

The actual proposal is available at 

     http://www.it.kth.se/~cwe/phd/licprop.ps

I've included an abstract below.

Comments are most welcome.

Regards,
	Christian Wettergren
	KTH/Teleinformatics.



Licentiate Thesis Proposal Seminar 
==================================

Title: "Runtime Information Flow Analysis and Security" 

Candidate: Christian Wettergren
Time:      Wednesday, 15th May, 15:00--16:00
Place:     Room Telegrafen, Dept. of Teleinformatics, KTH, 
           Electrum Bldg., lift B, 5th floor, Kistagangen 16, 
           16440 Kista, Sweden
Committee: Gerald Maguire, KTH/Teleinformatics
           Sead Muftic, SU/DSV
           Enn Tuygu, KTH/Teleinformatics

Abstract:

Today's computer security systems are fragile and brittle. I
believe this statement to be consistent with practical experiences.
One can for example observe the regularity of alerts from CERT. 

Many of the problems are caused by data-driven bugs in application 
programs. It is important to find a security paradigm that is more
stable for the communicative and networked world of tomorrow.

I propose a new way of doing information flow analysis of programs.
This information flow analysis is done in runtime, and will provide
detailed information about influences of the process to the 
access control decision process. The information flow is based on
sets of subjects instead of preallocated security classes, thus 
decoupling the flow analysis from the access control.

The runtime analysis is performed by special code that is run along
with the original program. It shadows the computation and keeps track
of the information flows within the program. A special compiler
emits this shadow code. I will implement such a compiler for the
Java language. Issues about the compiler and the shadow code will 
be discussed in the thesis. The thesis will also investigate the 
behaviour of the shadow code for programs with different communication
patterns.

For more information contact Christian Wettergren, +46 (0)8-751 14 91,
[email protected]. You can also retrieve the licentiate thesis proposal 
from http://www.it.kth.se/~cwe/phd/licprop.ps.