SlideShare a Scribd company logo

Securing class initialization in java like languages

Download as DOCX, PDF
I
IEEEFINALYEARPROJECTS

To Get any Project for CSE, IT ECE, EEE Contact Me @ 09849539085, 09966235788 or mail us - ieeefinalsemprojects@gmail.co¬m-Visit Our Website: www.finalyearprojects.org

1 of 4
Securing Class Initialization in Java-like Languages ABSTRACT: Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, little attention has been given to the impact of class initialization on information flow. This paper turns the spotlight on security implications of class initialization. We reveal the subtleties of information propagation when classes are initialized, and demonstrate how these flows can be exploited to leak information through error recovery. Our main contribution is a type-and-effect system which tracks these information flows. The type system is parameterized by an arbitrary lattice of security levels. Flows through the class hierarchy and dependencies in field initializers are tracked by typing class initializers wherever they could be executed. The contexts in which each class can be initialized are tracked to prevent insecure flows of out-of-scope contextual information through class initialization statuses and error recovery. We show that the type system enforces termination-insensitive noninterference. GLOBALSOFT TECHNOLOGIES IEEE PROJECTS & SOFTWARE DEVELOPMENTS IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS CELL: +91 98495 39085, +91 99662 35788, +91 98495 57908, +91 97014 40401 Visit: www.finalyearprojects.org Mail to:ieeefinalsemprojects@gmail.com
EXISTING SYSTEM: Language-based concepts and techniques are becoming increasingly popular in the context of security because they provide an appropriate level of abstraction for specifying and enforcing application and language-sensitive security policies. Popular examples include: 1) Java stack inspection, which enforces a stack-based access-control discipline, 2) Java byte code verification, which traverses byte code to verify type safety, and 3) web languages such as Caja, ADsafe and FBJS which use program transformation and language subsets to enforce sandboxing and separation properties. Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. There has been much recent progress on understanding information flow in languages of increasing complexity, and, consequently, information-flow security tools for languages such as Java, ML, and Ada have emerged. In particular, information flow in object-oriented languages has been an area of intensive development. However, it is surprising that the impact of class initialization, being an important aspect of object-oriented programs, has received scarce attention in the context of security. DISADVANTAGES OF EXISTING SYSTEM: Complexity is introduced by exceptions raised during initialization, as these can be exploited to leak secret information. The key issue is that class initialization may perform side effects (such as opening a file or updating the memory). The side effects may be exploited by the attacker who may deduce from these side effects which classes have (not) been initialized, which is sometimes sufficient to learn secret information.
PROPOSED SYSTEM: We propose a formalization that illustrates how to track information flow in presence of class initialization by a type-and-effect system for a simple language. By ensuring that the initialization (or success thereof) of a class containing public fields in no way depends on the evaluation of an expression (or success thereof) containing secret data, the type-and-effect system guarantees security in a form of noninterference. Informally, noninterference guarantees that a program’s public outputs are independent of secret inputs. A key intricacy here is that of class dependencies: An initialization of one class can cause the initialization of other classes. The only approach we are aware of that actually considers class initialization in the context of information-flow security is Jif ADVANTAGES OF PROPOSED SYSTEM: Jif’s restrictions on initialization code are rather severe: only simple constant manipulations, which cannot raise exceptions, are allowed. Our treatment of class initialization is more liberal than Jif’s and yet we demonstrate that it is secure. We argue that this liberty is desirable in scenarios such as server-side code. SYSTEM CONFIGURATION:- HARDWARE CONFIGURATION:-  Processor - Pentium –IV  Speed - 1.1 Ghz  RAM - 256 MB(min)  Hard Disk - 20 GB  Key Board - Standard Windows Keyboard  Mouse - Two or Three Button Mouse  Monitor - SVGA
SOFTWARE CONFIGURATION:-  Operating System : Windows XP  Programming Language : JAVA  Java Version : JDK 1.6 & above. REFERENCE: Willard Rafnsson, Keiko Nakata, and Andrei Sabelfeld-“Securing Class Initialization in Java- like Languages”-IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 10, NO. 1, JANUARY/FEBRUARY 2013

Recommended

Securing class initialization in java like languages
Securing class initialization in java like languagesSecuring class initialization in java like languages
Securing class initialization in java like languages
JPINFOTECH JAYAPRAKASH
 
Security+
Security+Security+
Security+bestip
 
Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02
frank4dd
 
Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities
Papitha Velumani
 
Secure Software
Secure SoftwareSecure Software
Secure SoftwareNabin Shakya
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET Journal
 
Web App Sec Benchmarks
Web App Sec BenchmarksWeb App Sec Benchmarks
Web App Sec BenchmarksAung Khant
 
Penetration testing tools and phases
Penetration testing tools and phasesPenetration testing tools and phases
Penetration testing tools and phases
TestingXperts
 

Recommended

Securing class initialization in java like languages
Securing class initialization in java like languagesSecuring class initialization in java like languages
Securing class initialization in java like languages
JPINFOTECH JAYAPRAKASH
 
Security+
Security+Security+
Security+bestip
 
Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02
frank4dd
 
Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities
Papitha Velumani
 
Secure Software
Secure SoftwareSecure Software
Secure SoftwareNabin Shakya
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET Journal
 
Web App Sec Benchmarks
Web App Sec BenchmarksWeb App Sec Benchmarks
Web App Sec BenchmarksAung Khant
 
Penetration testing tools and phases
Penetration testing tools and phasesPenetration testing tools and phases
Penetration testing tools and phases
TestingXperts
 
Tesina Sobri
Tesina SobriTesina Sobri
Tesina SobriAbraham Domínguez Cuña
 
cyber security career guide.pdf
cyber security career guide.pdfcyber security career guide.pdf
cyber security career guide.pdf
DivyaSharma512960
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
Khaleel Assadi
 
Become a Penetration Tester
Become a Penetration TesterBecome a Penetration Tester
Become a Penetration Tester
SagarMajzumdar
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...UltraUploader
 
A comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesA comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesJOHN ELEKWA
 
Comparable entity mining from comparative questions
Comparable entity mining from comparative questionsComparable entity mining from comparative questions
Comparable entity mining from comparative questions
IEEEFINALYEARPROJECTS
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public clouds
IEEEFINALYEARPROJECTS
 
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...
IEEEFINALYEARPROJECTS
 
Fast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsFast nearest neighbor search with keywords
Fast nearest neighbor search with keywords
IEEEFINALYEARPROJECTS
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
LinaCovington707
 
Security in Java
Security in JavaSecurity in Java
Security in JavaSiddharth Coontoor
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert System
CSCJournals
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureMohit Rampal
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker
akila_mano
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMS
cscpconf
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networks
ahmad abdelhafeez
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationA Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
Joe Osborn
 
Advanced Java
Advanced JavaAdvanced Java
Advanced JavaHossein Mobasher
 

More Related Content

What's hot

cyber security career guide.pdf
cyber security career guide.pdfcyber security career guide.pdf
cyber security career guide.pdf
DivyaSharma512960
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
Khaleel Assadi
 
Become a Penetration Tester
Become a Penetration TesterBecome a Penetration Tester
Become a Penetration Tester
SagarMajzumdar
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...UltraUploader
 
A comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesA comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesJOHN ELEKWA
 

What's hot (6)

Tesina Sobri
Tesina SobriTesina Sobri
Tesina Sobri
 
cyber security career guide.pdf
cyber security career guide.pdfcyber security career guide.pdf
cyber security career guide.pdf
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Become a Penetration Tester
Become a Penetration TesterBecome a Penetration Tester
Become a Penetration Tester
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...
 
A comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesA comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologies
 

Viewers also liked

Comparable entity mining from comparative questions
Comparable entity mining from comparative questionsComparable entity mining from comparative questions
Comparable entity mining from comparative questions
IEEEFINALYEARPROJECTS
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public clouds
IEEEFINALYEARPROJECTS
 
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...
IEEEFINALYEARPROJECTS
 
Fast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsFast nearest neighbor search with keywords
Fast nearest neighbor search with keywords
IEEEFINALYEARPROJECTS
 

Viewers also liked (6)

Comparable entity mining from comparative questions
Comparable entity mining from comparative questionsComparable entity mining from comparative questions
Comparable entity mining from comparative questions
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public clouds
 
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
 
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
 
A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...
 
Fast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsFast nearest neighbor search with keywords
Fast nearest neighbor search with keywords
 

Similar to Securing class initialization in java like languages

Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
LinaCovington707
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert System
CSCJournals
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureMohit Rampal
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker
akila_mano
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMS
cscpconf
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networks
ahmad abdelhafeez
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationA Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
Joe Osborn
 
Only Abstract
Only AbstractOnly Abstract
Only Abstract
guesta67d4a
 
Java: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s MarketJava: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s Market
Uncodemy
 
Module 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applicationsModule 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applications
EwenBenana
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewallsSapna Kumari
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
Alexander Decker
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
Alexander Decker
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
IJNSA Journal
 
Sapna ppt
Sapna pptSapna ppt
Sapna ppt
Sapna Kumari
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
Aryan G
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
Rajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 

Similar to Securing class initialization in java like languages (20)

Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
 
Security in Java
Security in JavaSecurity in Java
Security in Java
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert System
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical Infrastructure
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMS
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networks
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountability
 
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationA Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
 
Advanced Java
Advanced JavaAdvanced Java
Advanced Java
 
Only Abstract
Only AbstractOnly Abstract
Only Abstract
 
Java: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s MarketJava: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s Market
 
Module 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applicationsModule 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applications
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
 
Sapna ppt
Sapna pptSapna ppt
Sapna ppt
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
 

More from IEEEFINALYEARPROJECTS

Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewords
IEEEFINALYEARPROJECTS
 
Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewords
IEEEFINALYEARPROJECTS
 
Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...
IEEEFINALYEARPROJECTS
 
Reversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferReversible data hiding with optimal value transfer
Reversible data hiding with optimal value transfer
IEEEFINALYEARPROJECTS
 
Query adaptive image search with hash codes
Query adaptive image search with hash codesQuery adaptive image search with hash codes
Query adaptive image search with hash codes
IEEEFINALYEARPROJECTS
 
Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...
IEEEFINALYEARPROJECTS
 
Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...
IEEEFINALYEARPROJECTS
 
An access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la nsAn access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la ns
IEEEFINALYEARPROJECTS
 
Towards differential query services in cost efficient clouds
Towards differential query services in cost efficient cloudsTowards differential query services in cost efficient clouds
Towards differential query services in cost efficient clouds
IEEEFINALYEARPROJECTS
 
Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...
IEEEFINALYEARPROJECTS
 
Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...
IEEEFINALYEARPROJECTS
 
Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...
IEEEFINALYEARPROJECTS
 
Non cooperative location privacy
Non cooperative location privacyNon cooperative location privacy
Non cooperative location privacy
IEEEFINALYEARPROJECTS
 
Harnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing largeHarnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing large
IEEEFINALYEARPROJECTS
 
Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...
IEEEFINALYEARPROJECTS
 
Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...
IEEEFINALYEARPROJECTS
 
Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...
IEEEFINALYEARPROJECTS
 
A secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationA secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creation
IEEEFINALYEARPROJECTS
 
Utility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approachUtility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approach
IEEEFINALYEARPROJECTS
 
Two tales of privacy in online social networks
Two tales of privacy in online social networksTwo tales of privacy in online social networks
Two tales of privacy in online social networks
IEEEFINALYEARPROJECTS
 

More from IEEEFINALYEARPROJECTS (20)

Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewords
 
Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewords
 
Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...
 
Reversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferReversible data hiding with optimal value transfer
Reversible data hiding with optimal value transfer
 
Query adaptive image search with hash codes
Query adaptive image search with hash codesQuery adaptive image search with hash codes
Query adaptive image search with hash codes
 
Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...
 
Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...
 
An access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la nsAn access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la ns
 
Towards differential query services in cost efficient clouds
Towards differential query services in cost efficient cloudsTowards differential query services in cost efficient clouds
Towards differential query services in cost efficient clouds
 
Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...
 
Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...
 
Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...
 
Non cooperative location privacy
Non cooperative location privacyNon cooperative location privacy
Non cooperative location privacy
 
Harnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing largeHarnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing large
 
Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...
 
Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...
 
Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...
 
A secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationA secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creation
 
Utility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approachUtility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approach
 
Two tales of privacy in online social networks
Two tales of privacy in online social networksTwo tales of privacy in online social networks
Two tales of privacy in online social networks
 

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
Jen Stirrup
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...The Metaverse and AI: how can decision-makers harness the Metaverse for their...
The Metaverse and AI: how can decision-makers harness the Metaverse for their...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 

Securing class initialization in java like languages

  • 1. Securing Class Initialization in Java-like Languages ABSTRACT: Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, little attention has been given to the impact of class initialization on information flow. This paper turns the spotlight on security implications of class initialization. We reveal the subtleties of information propagation when classes are initialized, and demonstrate how these flows can be exploited to leak information through error recovery. Our main contribution is a type-and-effect system which tracks these information flows. The type system is parameterized by an arbitrary lattice of security levels. Flows through the class hierarchy and dependencies in field initializers are tracked by typing class initializers wherever they could be executed. The contexts in which each class can be initialized are tracked to prevent insecure flows of out-of-scope contextual information through class initialization statuses and error recovery. We show that the type system enforces termination-insensitive noninterference. GLOBALSOFT TECHNOLOGIES IEEE PROJECTS & SOFTWARE DEVELOPMENTS IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS CELL: +91 98495 39085, +91 99662 35788, +91 98495 57908, +91 97014 40401 Visit: www.finalyearprojects.org Mail to:ieeefinalsemprojects@gmail.com
  • 2. EXISTING SYSTEM: Language-based concepts and techniques are becoming increasingly popular in the context of security because they provide an appropriate level of abstraction for specifying and enforcing application and language-sensitive security policies. Popular examples include: 1) Java stack inspection, which enforces a stack-based access-control discipline, 2) Java byte code verification, which traverses byte code to verify type safety, and 3) web languages such as Caja, ADsafe and FBJS which use program transformation and language subsets to enforce sandboxing and separation properties. Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. There has been much recent progress on understanding information flow in languages of increasing complexity, and, consequently, information-flow security tools for languages such as Java, ML, and Ada have emerged. In particular, information flow in object-oriented languages has been an area of intensive development. However, it is surprising that the impact of class initialization, being an important aspect of object-oriented programs, has received scarce attention in the context of security. DISADVANTAGES OF EXISTING SYSTEM: Complexity is introduced by exceptions raised during initialization, as these can be exploited to leak secret information. The key issue is that class initialization may perform side effects (such as opening a file or updating the memory). The side effects may be exploited by the attacker who may deduce from these side effects which classes have (not) been initialized, which is sometimes sufficient to learn secret information.
  • 3. PROPOSED SYSTEM: We propose a formalization that illustrates how to track information flow in presence of class initialization by a type-and-effect system for a simple language. By ensuring that the initialization (or success thereof) of a class containing public fields in no way depends on the evaluation of an expression (or success thereof) containing secret data, the type-and-effect system guarantees security in a form of noninterference. Informally, noninterference guarantees that a program’s public outputs are independent of secret inputs. A key intricacy here is that of class dependencies: An initialization of one class can cause the initialization of other classes. The only approach we are aware of that actually considers class initialization in the context of information-flow security is Jif ADVANTAGES OF PROPOSED SYSTEM: Jif’s restrictions on initialization code are rather severe: only simple constant manipulations, which cannot raise exceptions, are allowed. Our treatment of class initialization is more liberal than Jif’s and yet we demonstrate that it is secure. We argue that this liberty is desirable in scenarios such as server-side code. SYSTEM CONFIGURATION:- HARDWARE CONFIGURATION:-  Processor - Pentium –IV  Speed - 1.1 Ghz  RAM - 256 MB(min)  Hard Disk - 20 GB  Key Board - Standard Windows Keyboard  Mouse - Two or Three Button Mouse  Monitor - SVGA
  • 4. SOFTWARE CONFIGURATION:-  Operating System : Windows XP  Programming Language : JAVA  Java Version : JDK 1.6 & above. REFERENCE: Willard Rafnsson, Keiko Nakata, and Andrei Sabelfeld-“Securing Class Initialization in Java- like Languages”-IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 10, NO. 1, JANUARY/FEBRUARY 2013