Skip to main content
SpringerLink
Log in

Program Analysis for Security and Privacy

Report on the WS PASSWORD at ECOOP’06

  • Conference paper
Object-Oriented Technology. ECOOP 2006 Workshop Reader (ECOOP 2006)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 4379))

Included in the following conference series:

  • 273 Accesses

Abstract

Software security has become more important than ever. Unfortunately, still now, the security of a software system is almost always retrofitted to an afterthought. When security problems arise, understanding and correcting them can be very challenging. On the one hand, the program analysis research community has created numerous static and dynamic analysis tools for performance optimization and bug detection in object-oriented programs. On the other hand, the security and privacy research community has been looking for solutions to automatically detect security problems, privacy violations, and access-control requirements of object-oriented programs. The purpose of the First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), was to bring together members of the academic and industrial communities interested in applying analysis, testing, and verification to security and privacy problems, and to encourage program analysis researchers to see the applicability of their work to security and privacy—an area of research that still needs a lot of exploration. This paper summarizes the discussions and contributions of the PASSWORD workshop.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Centonze, P., et al.: Role-Based Access Control Consistency Validation. In: Proceedings of the International Symposium on Software Testing and Analysis (ISSTA ’06), Portland, Maine, USA, July (2006)

    Google Scholar 

  2. Freeman, A., Jones, A.: Programming.NET Security. O’Reilly & Associates, Inc., Sebastopol (June 2003)

    Google Scholar 

  3. Gopalakrishna, R., Spafford, E.H., Vitek, J.: Efficient Intrusion Detection Using Automaton Inlining. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2005, pp. 18–31. IEEE Computer Society Press, Los Alamitos (2005)

    Google Scholar 

  4. Grandy, H., Stenzel, K., Reif, W.: Refinement of Security Protocol Data Types to Java. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)

    Google Scholar 

  5. Hammer, C., Krinke, J., Snelting, G.: Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In: Proceedings of IEEE International Symposium on Secure Software Engineering, Arlington, Virginia, USA, IEEE Computer Society Press, Los Alamitos (2006)

    Google Scholar 

  6. Koved, L., Pistoia, M., Kershenbaum, A.: Access Rights Analysis for Java. In: Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, Seattle, WA, USA, November 2002, pp. 359–372. ACM Press, New York (2002), doi:10.1145/582419.582452

    Chapter  Google Scholar 

  7. Li, W., Lam, L.-c., Chiueh, T.-c.: Application Specific Sandboxing for Win32/Intel Binaries. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)

    Google Scholar 

  8. Logozzo, F.: Class-level modular analysis for object oriented languages. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  9. Logozzo, F.: Automatic inference of class invariants. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, Springer, Heidelberg (2004)

    Google Scholar 

  10. Naumovich, G.: A Conservative Algorithm for Computing the Flow of Permissions in Java Programs. In: Proceedings of the International Symposium on Software Testing and Analysis (ISSTA ’02), Rome, Italy, July, pp. 33–43 (2002)

    Google Scholar 

  11. Naumovich, G., Centonze, P.: Static Analysis of Role-Based Access Control in J2EE Applications. SIGSOFT Software Engineering Notes 29(5), 1–10 (2004), doi:10.1145/1022494.1022530

    Article  Google Scholar 

  12. Nguyen, N., Rathke, J.: Typed Static Analysis for Concurrent, Policy-Based, Resource Access Control. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)

    Google Scholar 

  13. Pistoia, M.: Keynote: Static Analysis for Stack-Inspection and Role-Based Access Control Systems. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)

    Google Scholar 

  14. Pistoia, M., Fink, S.J., Flynn, R.J., Yahav, E.: When Role Models Have Flaws: Static Validation of Enterprise Security Policies. Technical Report RC24056 (W0609-065), IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, USA (September 2006)

    Google Scholar 

  15. Pistoia, M., Flynn, R.J.: Interprocedural Analysis for Automatic Evaluation of Role-Based Access Control Policies. Technical Report RC23846 (W0511-020), IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, USA (November 2005)

    Google Scholar 

  16. Pistoia, M., et al.: Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, Springer, Heidelberg (2005)

    Google Scholar 

  17. Pistoia, M., et al.: Enterprise Java Security. Addison-Wesley, Reading (February 2004)

    Google Scholar 

  18. Pistoia, M., et al.: Java 2 Network Security, 2nd edn. Prentice Hall PTR, Upper Saddle River (August 1999)

    Google Scholar 

  19. Saltzer, J.H., Schroeder, M.D.: The Protection of Information in Computer Systems. Proceedings of the IEEE 63, 1278–1308 (1975)

    Article  Google Scholar 

  20. Vitek, J.: Keynote: Advance in Intrusion Detection. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)

    Google Scholar 

  21. Yin, J., et al.: On Estimating the Security Risks of Composite Software Services. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IBM T. J. Watson Research Center, Hawthorne, New York, USA

    Marco Pistoia

  2. École Normale Supérieure, Paris, France

    Francesco Logozzo

Authors
  1. Marco Pistoia
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Francesco Logozzo
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Mario Südholt Charles Consel

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Pistoia, M., Logozzo, F. (2007). Program Analysis for Security and Privacy. In: Südholt, M., Consel, C. (eds) Object-Oriented Technology. ECOOP 2006 Workshop Reader. ECOOP 2006. Lecture Notes in Computer Science, vol 4379. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71774-4_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-71774-4_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71772-0

  • Online ISBN: 978-3-540-71774-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation