Securing Class Initialization
Paper in proceedings, 2010

Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, the impact of class initialization on information flow has been so far largely unexplored. This paper turns the spotlight on security implications of class initialization. We discuss the subtleties of information propagation when classes are initialized and propose a formalization that illustrates how to track information flow in presence of class initialization by a type-and effect system for a simple language. We show how to extend the formalization to a language with exception handling.

Author

Keiko Nakata

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

Andrei Sabelfeld

Chalmers, Computer Science and Engineering (Chalmers), Software Engineering and Technology (Chalmers)

IFIP Advances in Information and Communication Technology

1868-4238 (ISSN) 1868-422X (eISSN)

Vol. 321 48-62

Areas of Advance

Information and Communication Technology

Subject Categories

Software Engineering

Computer Science

ISBN

978-364213445-6

More information

Created

10/7/2017