Securing Class Initialization

  • Keiko Nakata
  • Andrei Sabelfeld
Conference paper

DOI: 10.1007/978-3-642-13446-3_4

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 321)
Cite this paper as:
Nakata K., Sabelfeld A. (2010) Securing Class Initialization. In: Nishigaki M., Jøsang A., Murayama Y., Marsh S. (eds) Trust Management IV. IFIPTM 2010. IFIP Advances in Information and Communication Technology, vol 321. Springer, Berlin, Heidelberg

Abstract

Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, the impact of class initialization on information flow has been so far largely unexplored. This paper turns the spotlight on security implications of class initialization. We discuss the subtleties of information propagation when classes are initialized and propose a formalization that illustrates how to track information flow in presence of class initialization by a type-and-effect system for a simple language. We show how to extend the formalization to a language with exception handling.

Download to read the full conference paper text

Copyright information

© IFIP 2010

Authors and Affiliations

  • Keiko Nakata
    • 1
  • Andrei Sabelfeld
    • 2
  1. 1.Institute of CyberneticsTallinn University of TechnologyTallinnEstonia
  2. 2.Chalmers University of TechnologyGothenburgSweden

Personalised recommendations