Language Issues in Mobile Program Security [chapter]

Dennis Volpano, Geoffrey Smith
1998 Lecture Notes in Computer Science  
This may seem a bit artificial since one might like to model security more symmetrically. 1 Nonetheless, it is a useful distinction for now.  ...  This requires a better understanding of the relationship between programming language design and security. Appropriate security properties must be identified.  ...  There are many reasons why programs written in languages like Java and C may produce runtime errors. Invalid class formats in Java and invalid pointer arithmetic in C are examples.  ... 
doi:10.1007/3-540-68671-1_3 fatcat:d7znuwyxzfasndcoy3y5fiyyya

Software Security analysis, static and dynamic testing in java and C environment, a comparative study [article]

Manas Gaur
2012 arXiv   pre-print
I used tools confined to JAVA to test as how weak points in the code can be rectified before compiled.  ...  The byte code theft is difficult to be conquered, so it's better to get rid of it in the plain java code itself.  ...  All these counters are derived from information contained in Java class files which basically are Java byte code instructions and debug information optionally embedded in class files.  ... 
arXiv:1208.3205v1 fatcat:4z4ta3o6cnac7cjscjxhsyr3ha

Recent Developments in Low-Level Software Security [chapter]

Pieter Agten, Nick Nikiforakis, Raoul Strackx, Willem De Groef, Frank Piessens
2012 Lecture Notes in Computer Science  
In this paper we discuss state-of-the-art approaches for securing code written in C-like languages for both attacker models discussed above, and we highlight some very recent developments in low-level  ...  For instance a malicious natively implemented function called from a Java program can attack the Java program in very powerful ways and such attacks will again depend essentially on many details of the  ...  Relevant parameters and control flow information must be moved between these stacks on entry and exit points.  ... 
doi:10.1007/978-3-642-30955-7_1 fatcat:dee3rn5l3ndyhkopj67nir6s5a

Hardware and software support for fine-grained memory access control and encapsulation in C++

Eugen Leontie, Gedare Bloom, Rahul Simha
2013 Proceedings of the 2013 companion publication for conference on Systems, programming, & applications: software for humanity - SPLASH '13  
Compilers can verify that code adheres to specifiers, but verification can be broken in languages like C++ by unchecked pointers. Thus, C++ programmers are taught that "private is not secure."  ...  We propose hardware and software support to confine memory accesses in fine-grained memory regions that isolate within and between objects so that C++ programs can enforce encapsulation and prevent pointer-based  ...  Conclusion We demonstrated that fine-grained memory protection can support OOP languages like C++. Future work can implement and evaluate more OOP features and real applications.  ... 
doi:10.1145/2508075.2508091 dblp:conf/oopsla/LeontieBS13 fatcat:uegkya2p2ra53mhjtlwdmwoisq

System Programming in Rust

Abhiram Balasubramanian, Marek S. Baranowski, Anton Burtsev, Aurojit Panda, Zvonimir Rakamarić, Leonid Ryzhyk
2017 ACM SIGOPS Operating Systems Review  
In particular, Rust's linear type system enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability  ...  Rust is a new system programming language that offers a practical and safe alternative to C.  ...  In conventional programming languages, information flow analysis is complicated by pointer aliasing.  ... 
doi:10.1145/3139645.3139660 fatcat:h2brz34d7fgrzalvbjqy2a7mse

System Programming in Rust

Abhiram Balasubramanian, Marek S. Baranowski, Anton Burtsev, Aurojit Panda, Zvonimir Rakamarić, Leonid Ryzhyk
2017 Proceedings of the 16th Workshop on Hot Topics in Operating Systems - HotOS '17  
In particular, Rust's linear type system enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability  ...  Rust is a new system programming language that offers a practical and safe alternative to C.  ...  In conventional programming languages, information flow analysis is complicated by pointer aliasing.  ... 
doi:10.1145/3102980.3103006 dblp:conf/hotos/Balasubramanian17 fatcat:jvidoiwomjesjh4pfh5zq3w5nm

Role-Based access control consistency validation

Paolina Centonze, Gleb Naumovich, Stephen J. Fink, Marco Pistoia
2006 Proceedings of the 2006 international symposium on Software testing and analysis - ISSTA'06  
Relying on interprocedural pointer analysis and dataflow analysis, SAVES analyzes Java EE bytecode to determine if the associated RBAC policy is location consistent, and reports potential security flaws  ...  We have built a static analysis tool for Java Platform, Enterprise Edition (Java EE) called Static Analysis for Validation of Enterprise Security (SAVES).  ...  paper; and the anonymous reviewers of ISSTA 2006 for their insightful comments.  ... 
doi:10.1145/1146238.1146253 dblp:conf/issta/CentonzeNFP06 fatcat:w5txdsxomrgs7k7ke7pi7pjb3a

Representation independence, confinement and access control [extended abstract]

Anindya Banerjee, David A. Naumann
2002 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '02  
Denotational semantics is given for a Java-like language with pointers, subclassing and dynamic dispatch, class-oriented visibility control, recursive types and methods, and privilege-based access control  ...  Representation independence (relational parametricity) is proved, using a semantic notion of confinement similar to ones for which static disciplines have been recently proposed.  ...  Peter O'Hearn, David Schmidt, and the anonymous referees offered improvements and encouragement. Hongseok Yang pointed out a faulty proof step, which led us to correct the definition of confinement.  ... 
doi:10.1145/503272.503289 dblp:conf/popl/BanerjeeN02 fatcat:iyoqa2r7cnhfvhzaeehpmaglee

Representation independence, confinement and access control [extended abstract]

Anindya Banerjee, David A. Naumann
2002 SIGPLAN notices  
Denotational semantics is given for a Java-like language with pointers, subclassing and dynamic dispatch, class-oriented visibility control, recursive types and methods, and privilege-based access control  ...  Representation independence (relational parametricity) is proved, using a semantic notion of confinement similar to ones for which static disciplines have been recently proposed.  ...  Peter O'Hearn, David Schmidt, and the anonymous referees offered improvements and encouragement. Hongseok Yang pointed out a faulty proof step, which led us to correct the definition of confinement.  ... 
doi:10.1145/565816.503289 fatcat:c4z3adsjcvbslfywlwxwkzafze

IMATT: An Integrated Multi-Agent Testing Tool for the Security of Agent-Based Web Applications

Fathy E. Eassa, M. Zaki, Ahmed M. Eassa, Tahani Aljehani
2013 World Journal of Computer Application and Technology  
Here, a temporal-based assertion language is introduced to help in detecting security violations (errors) in the underlying application.  ...  Such tool comprises static analyzer, dynamic tester and an integrator of the two components for detecting security vulnerabilities and errors in agent based web applications written in Java.  ...  Livshits et al [15] have exploited a Program Query Language to build up a static analyzer for finding out security flaws in Java application.  ... 
doi:10.13189/wjcat.2013.010201 fatcat:5qpcjifh3rgztonypxymschuai

Static Program Analysis for Security [chapter]

K Gopinath
2007 The Compiler Design Handbook  
Finally, we discuss static analysis of information flow expressed in a language that has been annotated with flow policies.  ...  In this chapter, we discuss static analysis of the security of a system.  ...  Java Information Flow (Jif ) Language Jif is Java based information flow programming language that adds static analysis of information flow for improved security assurance.  ... 
doi:10.1201/9781420043839.ch2 fatcat:254roq3ykrecfly3udo6o5xzva

A JVM for soft-error-prone embedded systems

Isabella Stilkerich, Michael Strotz, Christoph Erhardt, Martin Hoffmann, Daniel Lohmann, Fabian Scheler, Wolfgang Schröder-Preikschat
2013 Proceedings of the 14th ACM SIGPLAN/SIGBED conference on Languages, compilers and tools for embedded systems - LCTES '13  
Accordingly, software-based techniques have recently gained in popularity, and a multitude of approaches that differ in the number and frequency of tolerated errors as well as their associated overhead  ...  An automated application of fault-detection and fault-tolerance measures based on the type system of the programming language and static code analyses is possible.  ...  As we do not make use of garbage collection in the scope of this paper, but rely on simple bump-pointer allocation, we do not need to secure any GC information.  ... 
doi:10.1145/2491899.2465571 fatcat:iyceoh2l35c5zi7hsqwwiquy4e

A JVM for soft-error-prone embedded systems

Isabella Stilkerich, Michael Strotz, Christoph Erhardt, Martin Hoffmann, Daniel Lohmann, Fabian Scheler, Wolfgang Schröder-Preikschat
2013 SIGPLAN notices  
Accordingly, software-based techniques have recently gained in popularity, and a multitude of approaches that differ in the number and frequency of tolerated errors as well as their associated overhead  ...  An automated application of fault-detection and fault-tolerance measures based on the type system of the programming language and static code analyses is possible.  ...  As we do not make use of garbage collection in the scope of this paper, but rely on simple bump-pointer allocation, we do not need to secure any GC information.  ... 
doi:10.1145/2499369.2465571 fatcat:6ftidvp7tzh6plphezx2wxgxxa

Effective typestate verification in the presence of aliasing

Stephen Fink, Eran Yahav, Nurit Dor, G. Ramalingam, Emmanuel Geay
2006 Proceedings of the 2006 international symposium on Software testing and analysis - ISSTA'06  
In particular, we present a flow-sensitive, context-sensitive, integrated verifier that utilizes a parametric abstract domain combining typestate and aliasing information.  ...  We have evaluated our framework on a number of real Java programs, checking correct API usage for various Java standard libraries.  ...  and pointer information.  ... 
doi:10.1145/1146238.1146254 dblp:conf/issta/FinkYDRG06 fatcat:lvs2p5nkn5dffcrn7adfoa2f2q

JavaCOP

Shane Markstrum, Daniel Marino, Matthew Esquivel, Todd Millstein, Chris Andreae, James Noble
2010 ACM Transactions on Programming Languages and Systems  
The JAVACOP framework also includes a dataflow analysis API in order to support type systems which depend on flow-sensitive information.  ...  JAVACOP provides a simple declarative language in which program constraints are defined over a program's abstract syntax tree.  ...  programming language like Java.  ... 
doi:10.1145/1667048.1667049 fatcat:upiyc2sfnffglly2pxpfkxbhzm