Checking probabilistic noninterference using JOANA
-
Gregor Snelting is a full professor for Informatics at KIT. His research group works on compilers, code optimization, program analysis, information flow control, and verification. Snelting originally invented PDG-based IFC and contributed to various JOANA aspects.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Dennis Giffhorn was a member of Prof. Snelting's group. He finished his doctoral thesis on slicing of concurrent programs in 2012. He developed the original RLSOD criterion and its soundness proof.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Jürgen Graf studied computer science at the University of Passau and works since 2007 as a research assistant at Prof. Snelting's group. In particular, he is interested in enhancing performance, precision and modularity of SDG-based information flow control analyses.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
,
Christian Hammer is a Juniorprofessor at the Saarland University. He finished his doctoral thesis on information flow control for Java at Prof. Snelting s group in 2009. He developed the original JOANA kernel.
CISPA, Campus E1.1, D 66123 Saarbrücken
Martin Hecker studied computer science at the University of Münster and works since 2010 as a research assistant at Prof. Snelting's group. In particular, he is interested in information flow control for distributed systems.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Martin Mohr studied computer science and mathematics at the University of Münster and works since 2011 as a research assistant at Prof. Snelting's group. In particular, he is interested in optimizing points-to analysis for use in information flow control for object-oriented programs.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Daniel Wasserrab was a member of Prof. Snelting s group. He finished his doctoral thesis on the formal semantics of slicing in 2010. He provided an Isabelle-checked soundness proofs for PDG-based IFC.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Abstract
JOANA is a tool for software security analysis, checking up to 100 kLOC of full multi-threaded Java. JOANA is based on sophisticated program analysis techniques and thus very precise. It includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations and has a nice GUI. The tool is open source and was applied in several case studies. The article presents an overview of JOANA and its underlying technology.
About the authors
Gregor Snelting is a full professor for Informatics at KIT. His research group works on compilers, code optimization, program analysis, information flow control, and verification. Snelting originally invented PDG-based IFC and contributed to various JOANA aspects.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Dennis Giffhorn was a member of Prof. Snelting's group. He finished his doctoral thesis on slicing of concurrent programs in 2012. He developed the original RLSOD criterion and its soundness proof.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Jürgen Graf studied computer science at the University of Passau and works since 2007 as a research assistant at Prof. Snelting's group. In particular, he is interested in enhancing performance, precision and modularity of SDG-based information flow control analyses.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Christian Hammer is a Juniorprofessor at the Saarland University. He finished his doctoral thesis on information flow control for Java at Prof. Snelting s group in 2009. He developed the original JOANA kernel.
CISPA, Campus E1.1, D 66123 Saarbrücken
Martin Hecker studied computer science at the University of Münster and works since 2010 as a research assistant at Prof. Snelting's group. In particular, he is interested in information flow control for distributed systems.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Martin Mohr studied computer science and mathematics at the University of Münster and works since 2011 as a research assistant at Prof. Snelting's group. In particular, he is interested in optimizing points-to analysis for use in information flow control for object-oriented programs.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
Daniel Wasserrab was a member of Prof. Snelting s group. He finished his doctoral thesis on the formal semantics of slicing in 2010. He provided an Isabelle-checked soundness proofs for PDG-based IFC.
Karlsruhe Institute of Technology, Faculty of Informatics, D-76131 Karlsruhe
©2014 Walter de Gruyter Berlin/Boston
Artikel in diesem Heft
- Frontmatter
- Editorial
- Reliably secure software systems
- Special Issue
- Making security type systems less ad hoc
- The linear-hyper-branching spectrum of temporal logics
- Checking probabilistic noninterference using JOANA
- Confidentiality for Android apps: Specification and verification
- Information flow control for workflow management systems
- Security in e-voting
- Self-Portrayals of GI Junior Fellows
- Designing networks for challenging applications
- Theory for processing data on the Web
- Distinguished Dissertations
- On the insecurity of XML Security
Artikel in diesem Heft
- Frontmatter
- Editorial
- Reliably secure software systems
- Special Issue
- Making security type systems less ad hoc
- The linear-hyper-branching spectrum of temporal logics
- Checking probabilistic noninterference using JOANA
- Confidentiality for Android apps: Specification and verification
- Information flow control for workflow management systems
- Security in e-voting
- Self-Portrayals of GI Junior Fellows
- Designing networks for challenging applications
- Theory for processing data on the Web
- Distinguished Dissertations
- On the insecurity of XML Security
