Sciweavers

Share
ACSAC
2007
IEEE

Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine

9 years 6 months ago
Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine
We have implemented an information flow framework for the Java Virtual Machine that combines static and dynamic techniques to capture not only explicit flows, but also implicit ones resulting from control flow. Unlike other approaches that freeze policies at time of compilation, our system truly separates policy and enforcement mechanism and thereby permits policy changes even while a program is running. Ahead of execution, we run a static analysis that annotates an executable with information-flow information. During execution, we then use the annotations to safely update the labels of variables that lie in alternative paths of execution while enforcing the policy currently in place. Our framework doesn’t require access to source code and is fully backward-compatible with existing Java class files. Preliminary benchmark results suggest that the run-time overhead of information flow techniques such as ours is well within acceptable range for many application domains.
Deepak Chandra, Michael Franz
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ACSAC
Authors Deepak Chandra, Michael Franz
Comments (0)
books