ECOOP 2018
Sun 15 - Sat 21 July 2018 Amsterdam, Netherlands
co-located with ECOOP and ISSTA 2018
Tue 17 Jul 2018 14:00 - 14:30 at Bangkok - Session 2 Chair(s): Frank S. de Boer

Software testing is the most commonly used technique in the industry to certify the correctness of software, including security properties like access control and data privacy. However, information flow control and the detection of information leaks using tests, without the use of specialized monitoring and assessment tools, is a demanding task.

In this paper, we tackle the challenge of dynamically tracking information flow in third-party Java-based applications, using dependent security levels. Dependent levels increase the expressiveness of traditional information flow control by parametrizing levels with context-related information and allowing for more detailed and fine-grained policies.

We present ongoing work on a specification and instrumentation approach for rewriting JVM compiled code with in-lined reference monitors. Our prototype works at the level of the single-static assignment SOOT intermediate language Shimple. We illustrate the approach with an example and present a working tool.

Tue 17 Jul
Times are displayed in time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:00 - 15:30: Session 2VORTEX at Bangkok
Chair(s): Frank S. de BoerCentrum Wiskunde & Informatica, Leiden University
14:00 - 14:30
P: Eduardo Geraldo, João Costa SecoNOVA LINCS -- Universidade Nova de Lisboa
14:30 - 15:00
15:00 - 15:30
Giorgio AudritoUniversità di Torino, P: Ferruccio DamianiUniversity of Turin, Volker StolzHøgskulen på Vestlandet, Mirko ViroliUniversity of Bologna