{"title":"Static analysis for computing escapability and mutability for Java components","authors":"Aiwu Shi, G. Naumovich","doi":"10.1109/SCAM.2005.24","DOIUrl":null,"url":null,"abstract":"A common theme in information security is protection of trusted software components against unauthorized access by untrusted users. In the context of distributed object technologies, such as Enterprise Java Beans, this means preventing leaks of sensitive information to untrusted users, as well as preventing untrusted users from modifying sensitive information. In this paper, we propose an approach for identification and classification of potentially sensitive information that can leak out of trusted software components to untrusted parties. Unlike the current approaches to securing information flow by extending the type system, our technique is based on static points-to, data- and control-dependence, and object mutability analyses.","PeriodicalId":394744,"journal":{"name":"Fifth IEEE International Workshop on Source Code Analysis and Manipulation (SCAM'05)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Fifth IEEE International Workshop on Source Code Analysis and Manipulation (SCAM'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCAM.2005.24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Static analysis for computing escapability and mutability for Java components
A common theme in information security is protection of trusted software components against unauthorized access by untrusted users. In the context of distributed object technologies, such as Enterprise Java Beans, this means preventing leaks of sensitive information to untrusted users, as well as preventing untrusted users from modifying sensitive information. In this paper, we propose an approach for identification and classification of potentially sensitive information that can leak out of trusted software components to untrusted parties. Unlike the current approaches to securing information flow by extending the type system, our technique is based on static points-to, data- and control-dependence, and object mutability analyses.