Qualitative and Quantitative Analysis of Information Leakage in Java']Java Source Code

被引：0

作者：

Chen, Bo ^{[1
]}

Xu, Da-wei ^{[1
]}

Yu, Ling ^{[1
]}

机构：

[1] Nanjing Normal Univ, Dept Comp Sci, Nanjing 210097, Peoples R China

来源：

NSWCTC 2009: INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING, VOL 2, PROCEEDINGS | 2009年

关键词：

information leakage; covert channel; entropy; !text type='Java']Java[!/text; source code; software security;

D O I：

10.1109/NSWCTC.2009.317

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Java is a kind of type-safe language, it introduces access control mechanism into bytecode and application layer, so as to guarantee the system resource and running environment avoid the invasion of the malicious code. However, in some information systems, information leakage is not due to the faultiness of the security model, but the absence of the information flow control policy and implementation of that in the source code. So, it is necessary to analyze how information leaks through the source code. This paper surveys information leakage in Java source code by qualitative analysis, and after defining conditional information entropy of the variables, quantitative analysis of information-leak in code is given. Language-based software security researches, new direction in the development of high trusted software, are introduced finally.

引用

页码：338 / 342

页数：5

共 50 条

[41] Finding Source Code Clones in Intermediate Representations of Java']Java Bytecode
Schaefer, Andre
Heinze, Thomas S.
Amme, Wolfram
[J]. 2023 IEEE 17TH INTERNATIONAL WORKSHOP ON SOFTWARE CLONES, IWSC 2023, 2023, : 37 - 43
[42] Fisheye views of Java']Java source code: An updated LOD algorithm
Finlayson, J. Louise
Mellish, Chris
Masthoff, Judith
[J]. UNIVERSAL ACCESS IN HUMAN-COMPUTER INTERACTION: APPLICATIONS AND SERVICES, PT 3, PROCEEDINGS, 2007, : 289 - +
[43] Hybrid Technique for Complexity Analysis for Java']Java Code
Al-Batah, Mohammad Subhi
Alhindawi, Nouh
Malkawi, Rami
Al Zuraiqi, Ahmad
[J]. INTERNATIONAL JOURNAL OF SOFTWARE INNOVATION, 2019, 7 (03) : 118 - 133
[44] Systematic Exhortation of Code Smell Detection Using JS']JSmell for Java']Java Source Code
Sangeetha, M.
Sengottuvelan, P.
[J]. PROCEEDINGS OF THE 2017 INTERNATIONAL CONFERENCE ON INVENTIVE SYSTEMS AND CONTROL (ICISC 2017), 2017, : 384 - 388
[45] Expert system for extracting syntactic information from Java']Java code
Depradine, C
[J]. EXPERT SYSTEMS WITH APPLICATIONS, 2003, 25 (02) : 187 - 198
[46] STUBBER: Compiling Source Code into Bytecode without Dependencies for Java']Java Code Clone Detection
Schafer, Andre
Amme, Wolfram
Heinze, Thomas S.
[J]. 2021 IEEE 15TH INTERNATIONAL WORKSHOP ON SOFTWARE CLONES, IWSC 2021, 2021, : 29 - 35
[47] Model-based Static Source Code Analysis of Java']Java Programs with Applications to Android Security
Lu, Zheng
Mukhopadhyay, Supratik
[J]. 2012 IEEE 36TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC), 2012, : 322 - 327
[48] An analysis of programming language statement frequency in C, C plus plus , and Java']Java source code
Zhu, Xiaoyan
Whitehead, E. James
Sadowski, Caitlin
Song, Qinbao
[J]. SOFTWARE-PRACTICE & EXPERIENCE, 2015, 45 (11): : 1479 - 1495
[49] Information flow analysis for Java']Java bytecode
Genaim, S
Spoto, F
[J]. VERIFICATION, MODEL CHECKING, AND ABSTRACT INTERPRETATION, PROCEEDINGS, 2005, 3385 : 346 - 362
[50] Code Reuse in Stack Overflow and Popular Open Source Java']Java Projects
Lotter, Adriaan
Licorish, Sherlock A.
Savarimuthu, Bastin Tony Roy
Meldrum, Sarah
[J]. 2018 25TH AUSTRALASIAN SOFTWARE ENGINEERING CONFERENCE (ASWEC), 2018, : 141 - 150

← 1 2 3 4 5 →