Class properties for security review in an object-capability subset of Java: (short paper)

Abstract

Joe-E is a subset of the Java language, with additional restrictions enforced by a static source-code verifier. We explore several semantic properties of classes relating to immutability and object identity that can be declared by the programmer and are checked by the Joe-E verifier. We present the simple, modular analyses we use to verify these properties and describe how they are useful in performing security reviews of applications.