Treffer: Java Bytecode Dependence Analysis for Secure Information Flow Abstract

Java programs can be transmitted and executed on another host in bytecode format, thus the sensitive information of the host may be leaked via these assembly-like programs. Information flow policy can ensure data confidentiality, however, conventional information flow analysis mainly focused on the programs written in high-level programming languages and is generally performed by type checking approach, which assigns security classes to the variables then verifies information flow policy in program executing order. These approaches are inadequate to address the information flow in bytecode and the type systems verification method is imprecise. This paper presents a method to disclose java bytecode information flow by dependence analysis, in which the information flow analysis is separated to two phases to improve precision. First is determining information dependence relationship among the variables in the bytecode then is verifying the security based on security class. A prototype tool has been developed, by which the bytecode information flow of object or class files can be analyzed.