Accession Number:

ADA343709

Title:

A Static Secure Flow Analyzer for a Subset of Java

Descriptive Note:

Master's thesis

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s):

• Harvey, James D.

Report Date:

1998-03-01

Pagination or Media Count:

98.0

Abstract:

As the number of computers and computer systems in existence has grown over the past few decades, we have come to depend on them to maintain the security of private or sensitive information. The execution of a program may cause leaks of private or sensitive information from the computer. Static secure flow analysis is an attempt to detect these leaks prior to program execution. It is possible to analyze programs by hand, but this is often impractical for large programs. A better approach is to automate the analysis, which is what this thesis explores. We describe some previous research and give background information about secure flow analysis. A secure flow analyzer is presented. It implements a secure flow type inference algorithm, for a subset of Java 1.0.2, using a parser generator called Java Compiler Compiler JavaCC. Semantic actions are inserted into a grammar specification to perform the secure flow analysis on a given program.

Descriptors:

• *SOFTWARE ENGINEERING
• *DATA PROCESSING SECURITY
• *COMPUTER PROGRAM VERIFICATION
• ALGORITHMS
• DATA MANAGEMENT
• INFORMATION EXCHANGE
• THESES
• THREAT EVALUATION
• COMPILERS
• COMPUTER PROGRAM RELIABILITY

Subject Categories:

• Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE