Securing Class Initialization in Java-like Languages
ABSTRACT:
Language-based information-flow security is concerned with specifying and
enforcing security policies for information flow via language constructs. Although
much progress has been made on understanding information flow in object-
oriented programs, little attention has been given to the impact of class
initialization on information flow. This paper turns the spotlight on security
implications of class initialization. We reveal the subtleties of information
propagation when classes are initialized, and demonstrate how these flows can be
exploited to leak information through error recovery. Our main contribution is a
type-and-effect system which tracks these information flows. The type system is
parameterized by an arbitrary lattice of security levels. Flows through the class
hierarchy and dependencies in field initializers are tracked by typing class
initializers wherever they could be executed. The contexts in which each class can
be initialized are tracked to prevent insecure flows of out-of-scope contextual
information through class initialization statuses and error recovery. We show that
the type system enforces termination-insensitive noninterference.
EXISTING SYSTEM:
Language-based concepts and techniques are becoming increasingly popular in the
context of security because they provide an appropriate level of abstraction for
specifying and enforcing application and language-sensitive security policies.
Popular examples include: 1) Java stack inspection, which enforces a stack-based
access-control discipline, 2) Java byte code verification, which traverses byte code
to verify type safety, and 3) web languages such as Caja, ADsafe and FBJS which
use program transformation and language subsets to enforce sandboxing and
separation properties.
Language-based information-flow security is concerned with specifying and
enforcing security policies for information flow via language constructs. There has
been much recent progress on understanding information flow in languages of
increasing complexity, and, consequently, information-flow security tools for
languages such as Java, ML, and Ada have emerged. In particular, information
flow in object-oriented languages has been an area of intensive development.
However, it is surprising that the impact of class initialization, being an important
aspect of object-oriented programs, has received scarce attention in the context of
security.
DISADVANTAGES OF EXISTING SYSTEM:
• Complexity is introduced by exceptions raised during initialization, as these
  can be exploited to leak secret information.
• The key issue is that class initialization may perform side effects (such as
  opening a file or updating the memory). The side effects may be exploited
  by the attacker who may deduce from these side effects which classes have
  (not) been initialized, which is sometimes sufficient to learn secret
  information.
PROPOSED SYSTEM:
We propose a formalization that illustrates how to track information flow in the
presence of class initialization by a type-and-effect system for a simple language.
By ensuring that the initialization (or success thereof) of a class containing public
fields in no way depends on the evaluation of an expression (or success thereof)
containing secret data, the type-and-effect system guarantees security in a form of
noninterference. Informally, noninterference guarantees that a program’s public
outputs are independent of secret inputs. A key intricacy here is that of class
dependencies: An initialization of one class can cause the initialization of other
classes. The only approach we are aware of that actually considers class
initialization in the context of information-flow security is Jif.
ADVANTAGES OF PROPOSED SYSTEM:
Jif’s restrictions on initialization code are rather severe: only simple constant
manipulations, which cannot raise exceptions, are allowed. Our treatment of class
initialization is more liberal than Jif’s and yet we demonstrate that it is secure. We
argue that this liberty is desirable in scenarios such as server-side code.
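The leak through initialization status and error recovery described above, next to a variant in which initialization no longer depends on secret data, as a runnable Java illustration. This is an added example, not code from the paper or its type system; the class names and the `demo.port` property are constructed for the demonstration.

```java
import java.util.function.IntSupplier;

public class InitStatusLeak {

    // Constructed classes. Each initializer fails because the hypothetical
    // system property "demo.port" is unset, so Integer.parseInt(null) throws.
    // A class's initialization status is fixed for the life of its class
    // loader, so every experiment below gets its own fresh class.
    static class CfgA { static int port = Integer.parseInt(System.getProperty("demo.port")); }
    static class CfgB { static int port = Integer.parseInt(System.getProperty("demo.port")); }
    static class CfgC { static int port = Integer.parseInt(System.getProperty("demo.port")); }
    static class CfgD { static int port = Integer.parseInt(System.getProperty("demo.port")); }

    // Public observer: touches the class and reports whether initialization
    // had ALREADY failed before this call. The JVM distinguishes the cases:
    // the first failed attempt raises ExceptionInInitializerError, every
    // later attempt raises NoClassDefFoundError.
    static boolean alreadyFailed(IntSupplier touch) {
        try {
            touch.getAsInt();
            return false;                       // class initialized normally
        } catch (ExceptionInInitializerError firstAttempt) {
            return false;                       // this call triggered initialization
        } catch (NoClassDefFoundError earlierFailure) {
            return true;                        // class was already marked erroneous
        }
    }

    // Error recovery: trigger initialization and swallow its failure.
    static void touchAndRecover(IntSupplier touch) {
        try {
            touch.getAsInt();
        } catch (LinkageError recovered) {
            // both initialization errors above are LinkageErrors
        }
    }

    // Insecure flow: whether the class is initialized depends on the secret,
    // so the initialization status carries the secret into public code.
    static boolean leaky(boolean secret, IntSupplier touch) {
        if (secret) {
            touchAndRecover(touch);
        }
        return alreadyFailed(touch);
    }

    // Same program, but initialization is forced in a public context before
    // any secret-dependent branch, so the status is independent of the secret.
    static boolean hardened(boolean secret, IntSupplier touch) {
        touchAndRecover(touch);
        if (secret) {
            touchAndRecover(touch);
        }
        return alreadyFailed(touch);
    }

    public static void main(String[] args) {
        System.out.println("leaky,    secret=true : " + leaky(true,  () -> CfgA.port));
        System.out.println("leaky,    secret=false: " + leaky(false, () -> CfgB.port));
        System.out.println("hardened, secret=true : " + hardened(true,  () -> CfgC.port));
        System.out.println("hardened, secret=false: " + hardened(false, () -> CfgD.port));
    }
}
```

With `demo.port` unset, the value returned by `leaky` follows the secret, while `hardened` returns the same value for both secrets.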
SYSTEM CONFIGURATION:-
HARDWARE CONFIGURATION:-
• Processor - Pentium IV
• Speed - 1.1 GHz
• RAM - 256 MB (min)
• Hard Disk - 20 GB
• Key Board - Standard Windows Keyboard
• Mouse - Two or Three Button Mouse
• Monitor - SVGA
SOFTWARE CONFIGURATION:-
• Operating System : Windows XP
• Programming Language : JAVA
• Java Version : JDK 1.6 & above.
REFERENCE:
Willard Rafnsson, Keiko Nakata, and Andrei Sabelfeld, "Securing Class
Initialization in Java-like Languages," IEEE Transactions on Dependable and
Secure Computing, vol. 10, no. 1, January/February 2013.
Sanyam Choudhary Chemistry practical.pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 

Securing class initialization in java like languages

  • 1. Securing Class Initialization in Java-like Languages
    ABSTRACT: Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, little attention has been given to the impact of class initialization on information flow. This paper turns the spotlight on security implications of class initialization. We reveal the subtleties of information propagation when classes are initialized, and demonstrate how these flows can be exploited to leak information through error recovery. Our main contribution is a type-and-effect system which tracks these information flows. The type system is parameterized by an arbitrary lattice of security levels. Flows through the class hierarchy and dependencies in field initializers are tracked by typing class initializers wherever they could be executed. The contexts in which each class can be initialized are tracked to prevent insecure flows of out-of-scope contextual information through class initialization statuses and error recovery. We show that the type system enforces termination-insensitive noninterference.
  • 2. EXISTING SYSTEM: Language-based concepts and techniques are becoming increasingly popular in the context of security because they provide an appropriate level of abstraction for specifying and enforcing application and language-sensitive security policies. Popular examples include: 1) Java stack inspection, which enforces a stack-based access-control discipline, 2) Java byte code verification, which traverses byte code to verify type safety, and 3) web languages such as Caja, ADsafe and FBJS which use program transformation and language subsets to enforce sandboxing and separation properties. Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. There has been much recent progress on understanding information flow in languages of increasing complexity, and, consequently, information-flow security tools for languages such as Java, ML, and Ada have emerged. In particular, information flow in object-oriented languages has been an area of intensive development. However, it is surprising that the impact of class initialization, being an important aspect of object-oriented programs, has received scarce attention in the context of security.
  • 3. DISADVANTAGES OF EXISTING SYSTEM: Complexity is introduced by exceptions raised during initialization, as these can be exploited to leak secret information. The key issue is that class initialization may perform side effects (such as opening a file or updating the memory). The side effects may be exploited by the attacker who may deduce from these side effects which classes have (not) been initialized, which is sometimes sufficient to learn secret information.
    PROPOSED SYSTEM: We propose a formalization that illustrates how to track information flow in presence of class initialization by a type-and-effect system for a simple language. By ensuring that the initialization (or success thereof) of a class containing public fields in no way depends on the evaluation of an expression (or success thereof) containing secret data, the type-and-effect system guarantees security in a form of noninterference. Informally, noninterference guarantees that a program’s public outputs are independent of secret inputs. A key intricacy here is that of class dependencies: An initialization of one class can cause the initialization of other classes.
  • 4. The only approach we are aware of that actually considers class initialization in the context of information-flow security is Jif.
    ADVANTAGES OF PROPOSED SYSTEM: Jif’s restrictions on initialization code are rather severe: only simple constant manipulations, which cannot raise exceptions, are allowed. Our treatment of class initialization is more liberal than Jif’s and yet we demonstrate that it is secure. We argue that this liberty is desirable in scenarios such as server-side code.
    SYSTEM CONFIGURATION:
    HARDWARE CONFIGURATION:
      - Processor: Pentium IV
      - Speed: 1.1 GHz
      - RAM: 256 MB (min)
      - Hard Disk: 20 GB
      - Key Board: Standard Windows Keyboard
      - Mouse: Two or Three Button Mouse
      - Monitor: SVGA
  • 5. SOFTWARE CONFIGURATION:
      - Operating System: Windows XP
      - Programming Language: JAVA
      - Java Version: JDK 1.6 & above
    REFERENCE: Willard Rafnsson, Keiko Nakata, and Andrei Sabelfeld, “Securing Class Initialization in Java-like Languages”, IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 10, NO. 1, JANUARY/FEBRUARY 2013
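The leak through class initialization status and error recovery described above can be seen in a few lines of Java. This is an added illustration constructed for this page, not code from the paper or its authors; the names `InitLeakDemo`, `Fragile`, `touch`, `highBranch` and the `eager` switch are hypothetical. The `eager` mode only illustrates the stated condition that initialization must not depend on secret data; it is not the type-and-effect system itself.

```java
public class InitLeakDemo {
    // Constructed class whose static initializer always fails.
    static class Fragile {
        // parseInt throws NumberFormatException during class initialization.
        static int value = Integer.parseInt("not a number");
    }

    // Access Fragile and report which error the JVM raised.
    static String touch() {
        try {
            return "initialized, value=" + Fragile.value;
        } catch (ExceptionInInitializerError e) {
            return "FIRST_ATTEMPT";   // this access triggered the initialization
        } catch (NoClassDefFoundError e) {
            return "ALREADY_FAILED";  // an earlier access already triggered it
        }
    }

    // High-context code: whether Fragile is initialized depends on the secret.
    static void highBranch(boolean secret) {
        if (secret) {
            touch(); // the error is recovered silently, nothing is output
        }
    }

    public static void main(String[] args) {
        // Assumption: the secret is passed as the first argument for the demo.
        boolean secret = args.length > 0 && Boolean.parseBoolean(args[0]);
        boolean eager = args.length > 1 && args[1].equals("eager");

        if (eager) {
            // Mitigation sketch: attempt initialization in a public context,
            // before any secret-dependent branch can influence its status.
            touch();
        }
        highBranch(secret);

        // Low-context observer: it never reads the secret, only the error kind.
        // Without "eager" this prints ALREADY_FAILED exactly when secret is true;
        // with "eager" it prints ALREADY_FAILED for both secret values.
        System.out.println("public observation: " + touch());
    }
}
```

Compile with `javac InitLeakDemo.java`, then compare `java InitLeakDemo true` with `java InitLeakDemo false`, and repeat both with a second argument `eager`.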