Securing Class Initialization in Java-like Languages.


Securing Class Initialization in Java-like Languages

Abstract

Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, little attention has been given to the impact of class initialization on information flow. This paper turns the spotlight on security implications of class initialization. We reveal the subtleties of information propagation when classes are initialized, and demonstrate how these flows can be exploited to leak information through error recovery. Our main contribution is a type-and-effect system which tracks these information flows. The type system is parameterized by an arbitrary lattice of security levels.

Abstract (continued)

Flows through the class hierarchy and dependencies in field initializers are tracked by typing class initializers wherever they could be executed. The contexts in which each class can be initialized are tracked to prevent insecure flows of out-of-scope contextual information through class initialization statuses and error recovery. We show that the type system enforces termination-insensitive noninterference.
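The error-recovery leak the abstract refers to, as an added Java example (not code from the paper or from this presentation; all class and method names are hypothetical): the class initializer never reads the secret, yet a public observer learns it from the JVM's persistent per-class initialization status, which is exactly the effect the type system has to track.

```java
// Added example, not from the paper or the presentation. All names are hypothetical.
public class InitStatusChannel {
    // Secret input: under the policy it must not influence any public observation.
    static boolean secret;

    // The initializer never reads the secret and always fails. The only thing that
    // varies between runs is whether the JVM has already attempted to run it.
    static class Probe {
        static int field = 0;   // non-final, so reading it triggers initialization
        static { throw new RuntimeException("initialization failure"); }
    }

    // Returns what a public observer infers about the secret.
    static boolean observe(boolean secretInput) {
        secret = secretInput;
        // High context: whether Probe is touched depends on the secret. The failure
        // is caught, so the control flow that follows looks secret-independent.
        if (secret) {
            try {
                int unused = Probe.field;
            } catch (ExceptionInInitializerError e) {
                // recovered: Probe is now marked erroneous for the rest of the JVM
            }
        }
        // Low context: no secret is read, yet the per-class status set above
        // decides which Error the JVM raises on this attempt.
        boolean inferred;
        try {
            int unused = Probe.field;
            inferred = false;            // never reached: the initializer always fails
        } catch (ExceptionInInitializerError e) {
            inferred = false;            // first attempt ever: the high branch was skipped
        } catch (NoClassDefFoundError e) {
            inferred = true;             // class already erroneous: the high branch ran
        }
        return inferred;
    }

    public static void main(String[] args) {
        boolean s = args.length > 0 && args[0].equals("1");
        System.out.println("secret=" + s + ", observer inferred=" + observe(s));
    }
}
```

Run it once per JVM with and without the argument `1`; the class status persists for the life of the process, so a second call in the same JVM would not reproduce the fresh-state case. A Jif-style restriction (constant-only, exception-free initializers) removes the channel; the paper's approach instead keeps the initializer and types it in every context where it could first run.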

Existing System

Language-based concepts and techniques are becoming increasingly popular in the context of security [23], [37], [41], [36], [25], [27], [14], [18] because they provide an appropriate level of abstraction for specifying and enforcing application and language-sensitive security policies. Popular examples include: 1) Java stack inspection [41], which enforces a stack-based access-control discipline, 2) Java bytecode verification [25], which traverses bytecode to verify type safety, and 3) web languages such as Caja [27], ADsafe [14], and FBJS [18], which use program transformation and language subsets to enforce sandboxing and separation properties.

Architecture Diagram

System Specification

HARDWARE REQUIREMENTS
Processor : Intel Pentium IV
RAM : 512 MB
Hard Disk : 80 GB HDD

SOFTWARE REQUIREMENTS
Operating System : Windows XP / Windows 7
Front End : Java
Back End : MySQL 5

CONCLUSION

Seeking to shed light on a largely unexplored area, we have presented considerations for and a formalization of secure class initialization. Our considerations highlight that class initialization poses challenges for security since controlling (the order of) side effects performed by class initialization is challenging. Hence, great care needs to be taken by information-flow enforcement mechanisms to guarantee security. One path, taken by Jif [28], [29], is to severely restrict class initialization code so that it may only manipulate constants in an exception-free manner. Arguing that it is sometimes too restrictive, we have explored another path: allow powerful initialization code but track its side effects. The enforcement ensures that the side effects do not reveal anything about the differences in control-flow paths that the program might take depending on secret input. Our formalization demonstrates the idea by a type-and-effect system for a simple language that enforces noninterference. To the best of our knowledge, it is the first formal approach to the problem of secure class initialization in the presence of class hierarchies. (Soundness of Jif's class initialization is yet to be established.)

THANK YOU