Security metrics for Java bytecode programs
Data(s) |
2013
|
---|---|
Resumo |
Although there are many approaches for developing secure programs, they are not necessarily helpful for evaluating the security of a pre-existing program. Software metrics promise an easy way of comparing the relative security of two programs or assessing the security impact of modifications to an existing one. Most studies in this area focus on high level source code but this approach fails to take compiler-specific code generation into account. In this work we describe a set of object-oriented Java bytecode security metrics which are capable of assessing the security of a compiled program from the point of view of potential information flow. These metrics can be used to compare the security of programs or assess the effect of program modifications on security using a tool which we have developed to automatically measure the security of a given Java bytecode program in terms of the accessibility of distinguished ‘classified’ attributes. |
Formato |
application/pdf |
Identificador | |
Publicador |
Knowledge Systems Institute |
Relação |
http://eprints.qut.edu.au/69134/1/Fidge_accepted_paper.pdf http://www.ksi.edu/seke/Proceedings/seke/SEKE2013_Proceedings.pdf Alshammari, Bandar, Fidge, Colin J., & Corney, Diane (2013) Security metrics for Java bytecode programs. In Proceedings of the Twenty-Fifth International Conference on Software Engineering and Knowledge Engineering (SEKE 2013), Knowledge Systems Institute, Hyatt Harborside at Logan Int'l Airport, Boston, Mass, pp. 394-399. |
Direitos |
Copyright 2013 Knowledge Systems Institute |
Fonte |
School of Electrical Engineering & Computer Science; Science & Engineering Faculty |
Palavras-Chave | #Object-orientation #Security metrics #Security analyser #Java bytecode |
Tipo |
Conference Paper |