
Departmental Papers (CIS)
Date of this Version
6-2009
Document Type
Conference Paper
Recommended Citation
Pavol Cerný and Rajeev Alur, "Automated Analysis of Java Methods for Confidentiality", Lecture Notes in Computer Science: Computer Aided Verification 5643, 173-187. June 2009. http://dx.doi.org/10.1007/978-3-642-02658-4_16
Abstract
We address the problem of analyzing programs such as J2ME midlets for mobile devices, where a central correctness requirement concerns confidentiality of data that the user wants to keep secret. Existing software model checking tools analyze individual program executions, and are not applicable to checking confidentiality properties that require reasoning about equivalence among executions. We develop an automated analysis technique for such properties. We show that both over- and under-approximation are needed for sound analysis. Given a program and a confidentiality requirement, our technique produces a formula that is satisfiable if the requirement holds. We evaluate the approach by analyzing bytecode of a set of Java (J2ME) methods.
Subject Area
CPS Formal Methods
Publication Source
Lecture Notes in Computer Science: Computer Aided Verification
Volume
5643
Start Page
173
Last Page
187
DOI
10.1007/978-3-642-02658-4_16
Copyright/Permission Statement
The original publication is available at www.springerlink.com
Date Posted: 16 July 2012
Comments
From the 21st International Conference, CAV 2009, Grenoble, France, June 26 - July 2, 2009.