Qualitative and Quantitative Analysis of Information Leakage in Java']Java Source Code

被引：0

作者：

Chen, Bo ^{[1
]}

Xu, Da-wei ^{[1
]}

Yu, Ling ^{[1
]}

机构：

[1] Nanjing Normal Univ, Dept Comp Sci, Nanjing 210097, Peoples R China

来源：

NSWCTC 2009: INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING, VOL 2, PROCEEDINGS | 2009年

关键词：

information leakage; covert channel; entropy; !text type='Java']Java[!/text; source code; software security;

D O I：

10.1109/NSWCTC.2009.317

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Java is a kind of type-safe language, it introduces access control mechanism into bytecode and application layer, so as to guarantee the system resource and running environment avoid the invasion of the malicious code. However, in some information systems, information leakage is not due to the faultiness of the security model, but the absence of the information flow control policy and implementation of that in the source code. So, it is necessary to analyze how information leaks through the source code. This paper surveys information leakage in Java source code by qualitative analysis, and after defining conditional information entropy of the variables, quantitative analysis of information-leak in code is given. Language-based software security researches, new direction in the development of high trusted software, are introduced finally.

引用

页码：338 / 342

页数：5

共 50 条

[1] Declarative Intraprocedural Flow Analysis of Java']Java Source Code
Nilsson-Nyman, Emma
Hedin, Gorel
Magnusson, Eva
Ekman, Torbjoern
[J]. ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2009, 238 (05) : 155 - 171
[2] Qualitative and quantitative analysis and comparison of Java']Java distributed architectures
Rozman, Ivan
Juric, Matjaz B.
Golob, Izidor
Hericko, Marjan
[J]. SOFTWARE-PRACTICE & EXPERIENCE, 2006, 36 (14): : 1543 - 1562
[3] Java']Java Archives Search Engine Using Byte Code as Information Source
Karnalim, Oscar
Mandala, Rila
[J]. 2014 INTERNATIONAL CONFERENCE ON DATA AND SOFTWARE ENGINEERING (ICODSE), 2014,
[4] Java']JavaML: a markup language for Java']Java source code
Badros, GJ
[J]. COMPUTER NETWORKS, 2000, 33 (1-6) : 159 - 177
[5] Java']Java Source Code Defect Detection
Zhu, Hong
Jin, Dahai
[J]. 2015 8TH INTERNATIONAL CONFERENCE ON BIOMEDICAL ENGINEERING AND INFORMATICS (BMEI), 2015, : 695 - 699
[6] GUI Structure and Behavior from Java']Java Source Code Analysis
Gotti, Zineb
Mbarki, Samir
[J]. 2016 4TH IEEE INTERNATIONAL COLLOQUIUM ON INFORMATION SCIENCE AND TECHNOLOGY (CIST), 2016, : 251 - 256
[7] Indexing the Java']Java API using source code
Ma, Homan
Amor, Robert
Tempero, Ewan
[J]. ASWEC 2008: 19TH AUSTRALIAN SOFTWARE ENGINEERING CONFERENCE, PROCEEDINGS, 2008, : 451 - 460
[8] Topology Structure and Centrality in A Java']Java Source Code
Ying, Long
Ding, De-wu
[J]. 2012 IEEE INTERNATIONAL CONFERENCE ON GRANULAR COMPUTING (GRC 2012), 2012, : 787 - 789
[9] Automated Translation of Java']Java Source Code to Eiffel
Trudel, Marco
Oriol, Manuel
Furia, Carlo A.
Nordio, Martin
[J]. OBJECTS, MODELS, COMPONENTS, PATTERNS, TOOLS 2011, 2011, 6705 : 20 - 35
[10] To Generate the Ontology from Java']Java Source Code
Ganapathy, Gopinath
Sagayaraj, S.
[J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2011, 2 (02) : 111 - 116

← 1 2 3 4 5 →