INFORMATION FLOW SECURITY IN MULTITHREADED JAVA APPLICATIONS.
- Department Of Computer Science and Engineering , Galgotias University , Greater Noida-India.
31 Downloads
131 Views
Abstract
The information leakage would be an application weakness because it reveals the sensitive information such as the technical information of the web application, or an user specific data . The hacker can damage and exploit its hosting network , the web application , or its user by making the illegal use of the sensitive information. Therefore it is must to take the prevention measures for avoiding such breach in information flow . We are also concerned about the integrity of labeled data during program runtime , because there exist system calls and we want to make sure that during these calls the sensitive information should not be leaked. Took this issue in to consideration and enforced security policies by changing the JVM and the OS modules , providing its own Application Interface (API) to make sure of preserving labeled data integrity. Bytecode Instrumentation plays a vital role to prevent the sensitive information flow to the Input ?Output channel or to prevent the explicit information leakage . This paper is going to present all possible measures , models and techniques to provide the security to the data flow in multithreaded applications.
Keywords
Article Analytics
References
- Russo, A.Sabelfeld, ?Dynamic vs. static? flow sensitive? security analysis?,? Proceedings? of? 23rd IEEE? Computer? Security? Foundations? Symposium? 2010? (CSF \'10), July 2010.
- Sabelfeld, A. Myers, ?Language-based information-flow security?, IEEE Journal on Selected Areas in Communications, Vol. 21, No. 1, Jan. 2003.
- Lampson, ?A note on the confinement problem,? Communication Magazine of the ACM, Vol. 16, No. 10, pp. 613?615, 1973.
- Bell, L. LaPadula, ?Secure computer system: unified exposition and multics interpretation?, MTR-2997 Rev.1. Technical report, MITRE, 1976.
- King , Hicks ,? M. Hicks ,? T. Jaeger ,? ?Implicit? flows :? can?t? live? with? ?em,? can?t? live? without ?em? ,? LNCS 5352 ,? pp. 65-70 ,? Springer-Verlag? Berlin? Heidelberg 2008 (ICISS \'08) ,? Dec. 2008.
- Geoffrey Smith ?Principals for secure information analysis?January 2007
- Smith, ?Principles of secure information flow analysis?, Malware Detection, pp. 291-307, Springer-Verlag, 2007.
- I . Roy, D. Porter, Bond,? K. McKinley,? E. Witchel, ?Laminar:? practical? fine-grained? decentralized information? flow? control ? ,? Proceedings? of? the? ACM? SIGPLAN? Conference? on? Programming Language? Design? and? Implementation? 2009? (PLDI \'09) ,? June? 2009 .
- Howarth, I. Altas , B. Dalgarno, K.-F. Lee, ?Information? flow? controlusing? the? Java? Virtual Machine? Tool? Interface? (JVMTI)? ,? Proceedings? of? Fifth? International? Conference? on? Availability, Reliability ,? and? Security? 2010? (ARES \'10) ,? Feb. 2010.
- Clause, W. Li, A. Orso, ?Dytan: a generic dynamic taint analysis framework?, Proceedings of sInternational Symposium on Software Testing and Analysis 2007 (ISSTA \'07), July 2007.
- JPF, Java Path Finder, http://javapathfinder.sourceforge.net/ , Stable release 6.0/November 30 ,2010
- The Java Virtual Machine Specification ,TimLindholm ,Frank Yellin ,May 2014 http://java.sun.com/docs/books/jvms/second_edition/html/VMSpecTOC. doc.html
- VivekHaldar ,DeepakChandra ,Michael Franz?Dynamic taint propogation for java? IEEE Dec. 2005
- Newsome and D. Song, ?Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software?, ACM Transactions on Information and System Security, Volume 12, Issue 2, Dec. 2008.
- Language based information flow security in java , Kyle Pullicino, 30 dec 2014
- Mohamed Sharaf ,Jie Huang , Chin-TserHuang ,?Using bytecode instrumentation to secure information flow in multithreaded java applications?2013IEEE 33rd international conference on distributed computing systems .
- Li, S. Zdancewic, ?Downgrading policies and relaxed noninterference?, Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages 2005 (POP \'05), Jan. 2005.
- Nair, P. Simpson, B. Crispo, A. Tanenbaum, ?A Virtual machine based information flow control system for policy enforcement?, Journal of Electronic Notes in Theoretical Computer Science, Vol. 197, No. 1, pp. 3-16, Feb 2008.
- Yin Liu , Ana Milanova,?static information flow analysis with handling of implicit flows and a study on effects of explicits flows vs implicit flows? March 2010.
How to Cite This Article
Swati Pandey. (2017); INFORMATION FLOW SECURITY IN MULTITHREADED JAVA APPLICATIONS., Int. J. of Adv. Res., 5 (05), 1146-1157, ISSN 2320-5407. DOI: https://doi.org/10.21474/IJAR01/4225
Corresponding Author
This work is licensed under a Creative Commons Attribution 4.0 International License.





