A Static Secure Flow Analyzer for a Subset of Java

Abstract

As the number of computers and computer systems in existence has grown over the past few decades, we have come to depend on them to maintain the security of private or sensitive information. The execution of a program may cause leaks of private or sensitive information from the computer. Static secure flow analysis is an attempt to detect these leaks prior to program execution. It is possible to analyze programs by hand, but this is often impractical for large programs. A better approach is to automate the analysis, which is what this thesis explores. We describe some previous research and give background information about secure flow analysis. A secure flow analyzer is presented. It implements a secure flow type inference algorithm, for a subset of Java 1.0.2, using a parser generator called Java Compiler Compiler (JavaCC). Semantic actions are inserted into a grammar specification to perform the secure flow analysis on a given program.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 1998
Accession Number
ADA343709

Entities

People

  • James D. Harvey

Organizations

  • Naval Postgraduate School

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Algorithms
  • Analyzers
  • Compilers
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Generators
  • Grammars
  • High Level Languages
  • Language
  • Lists (Data Structures)
  • Mathematics
  • Programming Languages
  • Specifications

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Database Systems and Applications
  • Systems Analysis and Design

Technology Areas

  • AI & ML