论文信息 - Data-Flow Based Analysis of Java Bytecode Vulnerability

Data-Flow Based Analysis of Java Bytecode Vulnerability

Java is widely used because its security and platform independence. Although Java's security model is designed for protecting users from untrusted sources, Java's security is not under fully control at the application level. A large number of Java classes or Java class libraries have been used in network iquest application development, whose source is unknown and trust unassured. Analyzing the vulnerability of Java bytecode is helpful for assessing the security of untrusted Java components. The data-flow based methods suit to vulnerability analysis because their data propagation character. The paper is about using data-flow based methods to analyze the vulnerability of Java program in bytecode.

Hua Chen | Gang Zhao | Dongxia Wang

[1] Benjamin Livshits,et al. Finding Security Vulnerabilities in Java Applications with Static Analysis , 2005, USENIX Security Symposium.

[2] Bill Venners,et al. Inside the Java Virtual Machine , 1997 .

[3] Alfred V. Aho,et al. Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[4] C. Chambers,et al. An Assessment of Call Graph Construction Algorithms , 2000 .

[5] Ondrej Lhoták,et al. Comparing call graphs , 2007, PASTE '07.

[6] Steven S. Muchnick,et al. Advanced Compiler Design and Implementation , 1997 .

[7] Benjamin Livshits,et al. Finding application errors and security flaws using PQL: a program query language , 2005, OOPSLA '05.

[8] Barbara G. Ryder,et al. Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[9] Michael Franz,et al. Dynamic taint propagation for Java , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[10] Chris Anley,et al. Advanced SQL Injection In SQL Server Applications , 2002 .