LJGS is a lightweight Java core calculus with a gradual security type system. The calculus guarantees secure information flow for sequential, class-based, object-oriented programming with mutable objects and virtual method calls. An LJGS program is composed of fragments that are checked either statically or dynamically. Statically checked fragments adhere to a security type system so that they incur no run-time penalty whereas dynamically checked fragments rely on run-time security labels. The programmer marks the boundaries between static and dynamic checking with casts so that it is always clear whether a program fragment requires run-time checks. LJGS requires security annotations on fields and methods. A field annotation either specifies a fixed static security level or it prescribes dynamic checking. A method annotation specifies a constrained polymorphic security signature. The types of local variables in method bodies are analyzed flow-sensitively and require no annotation. The dynamic checking of fields relies on a static points-to analysis to approximate implicit flows. We prove type soundness and non-interference for LJGS.
Thu 21 Jul
| 13:45 - 14:10 Talk | Link to publication DOI Media Attached | |||||||||||||||||||||||||||||||||||||||||
| 14:10 - 14:35 Talk | Link to publication DOI Media Attached | |||||||||||||||||||||||||||||||||||||||||
| 14:35 - 15:00 Talk | Link to publication DOI Pre-print Media Attached | |||||||||||||||||||||||||||||||||||||||||