A Static Secure Flow Analyzer for a Subset of Java
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Pagination or Media Count:
As the number of computers and computer systems in existence has grown over the past few decades, we have come to depend on them to maintain the security of private or sensitive information. The execution of a program may cause leaks of private or sensitive information from the computer. Static secure flow analysis is an attempt to detect these leaks prior to program execution. It is possible to analyze programs by hand, but this is often impractical for large programs. A better approach is to automate the analysis, which is what this thesis explores. We describe some previous research and give background information about secure flow analysis. A secure flow analyzer is presented. It implements a secure flow type inference algorithm, for a subset of Java 1.0.2, using a parser generator called Java Compiler Compiler JavaCC. Semantic actions are inserted into a grammar specification to perform the secure flow analysis on a given program.
- Computer Programming and Software