A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Filters
Language Issues in Mobile Program Security
[chapter]
1998
Lecture Notes in Computer Science
Preserved Fulltext
This may seem a bit artificial since one might like to model security more symmetrically. 1 Nonetheless, it is a useful distinction for now. ...
This requires a better understanding of the relationship between programming language design and security. Appropriate security properties must be identified. ...
There are many reasons why programs written in languages like Java and C may produce runtime errors. Invalid class formats in Java and invalid pointer arithmetic in C are examples. ...
doi:10.1007/3-540-68671-1_3
fatcat:d7znuwyxzfasndcoy3y5fiyyya
Software Security analysis, static and dynamic testing in java and C environment, a comparative study
[article]
2012
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
I used tools confined to JAVA to test as how weak points in the code can be rectified before compiled. ...
The byte code theft is difficult to be conquered, so it's a better to get rid of it in the plain java code itself. ...
All these counters are derived from information contained in Java class files which basically are Java byte code instructions and debug information optionally embedded in class files. ...
arXiv:1208.3205v1
fatcat:4z4ta3o6cnac7cjscjxhsyr3ha
Recent Developments in Low-Level Software Security
[chapter]
2012
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2013; you can also visit the original URL.
The file type is application/pdf.
In this paper we discuss state-of-the-art approaches for securing code written in C-like languages for both attacker models discussed above, and we highlight some very recent developments in low-level ...
For instance a malicious natively implemented function called from a Java program can attack the Java program in very powerful ways and such attacks wil again depend essentially on many details of the ...
Relevant parameters and control flow information must be moved between these stacks on entry and exit points. ...
doi:10.1007/978-3-642-30955-7_1
fatcat:dee3rn5l3ndyhkopj67nir6s5a
Hardware and software support for fine-grained memory access control and encapsulation in C++
2013
Proceedings of the 2013 companion publication for conference on Systems, programming, & applications: software for humanity - SPLASH '13
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Compilers can verify that code adheres to specifiers, but verification can be broken in languages like C++ by unchecked pointers. Thus, C++ programmers are taught that "private is not secure." ...
We propose hardware and software support to confine memory accesses in fine-grained memory regions that isolate within and between objects so that C++ programs can enforce encapsulation and prevent pointer-based ...
Conclusion We demonstrated that fine-grained memory protection can support OOP languages like C++. Future work can implement and evaluate more OOP features and real applications. ...
doi:10.1145/2508075.2508091
dblp:conf/oopsla/LeontieBS13
fatcat:uegkya2p2ra53mhjtlwdmwoisq
System Programming in Rust
2017
ACM SIGOPS Operating Systems Review
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
In particular, Rust's linear type system enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability ...
Rust is a new system programming language that offers a practical and safe alternative to C. ...
In conventional programing languages, information flow analysis is complicated by pointer aliasing. ...
doi:10.1145/3139645.3139660
fatcat:h2brz34d7fgrzalvbjqy2a7mse
System Programming in Rust
2017
Proceedings of the 16th Workshop on Hot Topics in Operating Systems - HotOS '17
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
In particular, Rust's linear type system enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability ...
Rust is a new system programming language that offers a practical and safe alternative to C. ...
In conventional programing languages, information flow analysis is complicated by pointer aliasing. ...
doi:10.1145/3102980.3103006
dblp:conf/hotos/Balasubramanian17
fatcat:jvidoiwomjesjh4pfh5zq3w5nm
Role-Based access control consistency validation
2006
Proceedings of the 2006 international symposium on Software testing and analysis - ISSTA'06
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Relying on interprocedural pointer analysis and dataflow analysis, SAVES analyzes Java EE bytecode to determine if the associated RBAC policy is location consistent, and reports potential security flaws ...
We have built a static analysis tool for Java Platform, Enterprise Edition (Java EE) called Static Analysis for Validation of Enterprise Security (SAVES). ...
paper; and the anonymous reviewers of ISSTA 2006 for their insightful comments. ...
doi:10.1145/1146238.1146253
dblp:conf/issta/CentonzeNFP06
fatcat:w5txdsxomrgs7k7ke7pi7pjb3a
Representation independence, confinement and access control [extended abstract]
2002
Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '02
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2003; you can also visit the original URL.
The file type is application/pdf.
Denotational semantics is given for a Java-like language with pointers, subclassing and dynamic dispatch, class oriented visibility control, recursive types and methods, and privilegebased access control ...
Representation independence (relational parametricity) is proved, using a semantic notion of confinement similar to ones for which static disciplines have been recently proposed. ...
Peter O'Hearn, David Schmidt, and the anonymous referees offered improvements and encouragement. Hongseok Yang pointed out a faulty proof step, which led us to correct the definition of confinement. ...
doi:10.1145/503272.503289
dblp:conf/popl/BanerjeeN02
fatcat:iyoqa2r7cnhfvhzaeehpmaglee
Representation independence, confinement and access control [extended abstract]
2002
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2003; you can also visit the original URL.
The file type is application/pdf.
Denotational semantics is given for a Java-like language with pointers, subclassing and dynamic dispatch, class oriented visibility control, recursive types and methods, and privilegebased access control ...
Representation independence (relational parametricity) is proved, using a semantic notion of confinement similar to ones for which static disciplines have been recently proposed. ...
Peter O'Hearn, David Schmidt, and the anonymous referees offered improvements and encouragement. Hongseok Yang pointed out a faulty proof step, which led us to correct the definition of confinement. ...
doi:10.1145/565816.503289
fatcat:c4z3adsjcvbslfywlwxwkzafze
IMATT: An Integrated Multi-Agent Testing Tool for the Security of Agent-Based Web Applications
2013
World Journal of Computer Application and Technology
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Here, a temporal-based assertion language is introduced to help in detecting security violations (errors) in the underlying application. ...
Such tool comprises static analyzer, dynamic tester and an integrator of the two components for detecting security vulnerabilities and errors in agent based web applications written in Java. ...
Livshits et al [15] have exploited a Program Query Language to build up a static analyzer for finding out security flaws in Java application. ...
doi:10.13189/wjcat.2013.010201
fatcat:5qpcjifh3rgztonypxymschuai
Static Program Analysis for Security
[chapter]
2007
The Compiler Design Handbook
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL.
The file type is application/pdf.
Finally, we discuss static analysis of information flow expressed in a language that has been annotated with flow policies. ...
In this chapter, we discuss static analysis of the security of a system. ...
Java Information Flow (Jif ) Language Jif is Java based information flow programming language that adds static analysis of information flow for improved security assurance. ...
doi:10.1201/9781420043839.ch2
fatcat:254roq3ykrecfly3udo6o5xzva
A JVM for soft-error-prone embedded systems
2013
Proceedings of the 14th ACM SIGPLAN/SIGBED conference on Languages, compilers and tools for embedded systems - LCTES '13
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Accordingly, software-based techniques have recently gained in popularity, and a multitude of approaches that differ in the number and frequency of tolerated errors as well as their associated overhead ...
An automated application of fault-detection and fault-tolerance measures based on the type system of the programming language and static code analyses is possible. ...
As we do not make use of garbage collection in the scope of this paper, but rely on simple bump-pointer allocation, we do not need to secure any GC information. ...
doi:10.1145/2491899.2465571
fatcat:iyceoh2l35c5zi7hsqwwiquy4e
A JVM for soft-error-prone embedded systems
2013
SIGPLAN notices
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Accordingly, software-based techniques have recently gained in popularity, and a multitude of approaches that differ in the number and frequency of tolerated errors as well as their associated overhead ...
An automated application of fault-detection and fault-tolerance measures based on the type system of the programming language and static code analyses is possible. ...
As we do not make use of garbage collection in the scope of this paper, but rely on simple bump-pointer allocation, we do not need to secure any GC information. ...
doi:10.1145/2499369.2465571
fatcat:6ftidvp7tzh6plphezx2wxgxxa
Effective typestate verification in the presence of aliasing
2006
Proceedings of the 2006 international symposium on Software testing and analysis - ISSTA'06
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2006; you can also visit the original URL.
The file type is application/pdf.
In particular, we present a flowsensitive, context-sensitive, integrated verifier that utilizes a parametric abstract domain combining typestate and aliasing information. ...
We have evaluated our framework on a number of real Java programs, checking correct API usage for various Java standard libraries. ...
and pointer information. ...
doi:10.1145/1146238.1146254
dblp:conf/issta/FinkYDRG06
fatcat:lvs2p5nkn5dffcrn7adfoa2f2q
JavaCOP
2010
ACM Transactions on Programming Languages and Systems
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
The JAVACOP framework also includes a dataflow analysis API in order to support type systems which depend on flow-sensitive information. ...
JAVACOP provides a simple declarative language in which program constraints are defined over a program's abstract syntax tree. ...
programming language like Java. ...
doi:10.1145/1667048.1667049
fatcat:upiyc2sfnffglly2pxpfkxbhzm
« Previous
Showing results 1 — 15 out of 954 results