Evaluation of Jif and Joana as Information Flow Analyzers in a Model-Driven Approach

  • Conference paper
Data Privacy Management and Autonomous Spontaneous Security (DPM 2012, SETOP 2012)

Abstract

Checking for information leaks in real-world applications is a difficult task. IFlow is a model-driven approach for developing information flow-secure applications using intuitive modeling guidelines. It supports the automatic generation of partial Java code while also enabling the developer to formally verify complex information flow properties. To simplify the formal verification, we integrate an automatic information flow analyzer for Java applications, which makes it possible to check simple noninterference properties. In this paper, we evaluate both Jif and Joana as such analyzers to determine the most suitable information flow control tool in the context of, but not limited to, the IFlow approach.

This work is sponsored by the Priority Programme 1496 “Reliably Secure Software Systems - RS3” of the Deutsche Forschungsgemeinschaft (DFG).



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Katkalov, K., Fischer, P., Stenzel, K., Moebius, N., Reif, W. (2013). Evaluation of Jif and Joana as Information Flow Analyzers in a Model-Driven Approach. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2012 2012. Lecture Notes in Computer Science, vol 7731. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35890-6_13

  • DOI: https://doi.org/10.1007/978-3-642-35890-6_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35889-0

  • Online ISBN: 978-3-642-35890-6

  • eBook Packages: Computer Science, Computer Science (R0)
