English

Jif: Language-based Information-flow Security in Java

Programming Languages 2014-12-31 v1 Cryptography and Security
Authors: Kyle Pullicino
View on arXiv PDF

Abstract

In this report, we examine Jif, a Java extension which augments the language with features related to security. Jif adds support for security labels to Java's type system such that the developer can specify confidentiality and integrity policies to the various variables used in their program. We list the main features of Jif and discuss the information flow problem that Jif helps to solve. We see how the information flow problem occurs in real-world systems by looking at two examples: Civitas, a ballot/voting system where voters do not necessarily trust voting agents, and SIF, a web application container implemented using Jif. Finally, we implement a small program that simulates information flow in a booking system containing sensitive data and discuss the usefulness of Jif based on this program.

Cite

@article{arxiv.1412.8639,
  title  = {Jif: Language-based Information-flow Security in Java},
  author = {Kyle Pullicino},
  journal= {arXiv preprint arXiv:1412.8639},
  year   = {2014}
}

Related papers

View all related →
Operating Systems · Computer Science
Performance Evaluation of Java File Security System (JFSS)
Brijender Kahanwal, Dr. Tejinder Pal Singh, Dr. R. K. Tuteja
2014-03-25
Software Engineering · Computer Science
Java File Security System (JFSS) Evaluation Using Software Engineering Approaches
Brijender Kahanwal, Tejinder Pal Singh
2013-12-09
Software Engineering · Computer Science
Tool-Supported Architecture-Based Data Flow Analysis for Confidentiality
Felix Schwickerath, Nicolas Boltz, Sebastian Hahner, Maximilian Walter +2
2023-08-04
Software Engineering · Computer Science
SNITCH: Dynamic Dependent Information Flow Analysis for Independent Java Bytecode
Eduardo Geraldo, João Costa Seco
2019-08-28
Software Engineering · Computer Science
Evaluating the Language-Based Security for Plugin Development
Naisheng Liang, Alex Potanin
2024-05-14
Cryptography and Security · Computer Science
Software Security analysis, static and dynamic testing in java and C environment, a comparative study
Manas Gaur
2012-08-17
Programming Languages · Computer Science
Information Flow Analysis for a Dynamically Typed Functional Language with Staged Metaprogramming
Martin Lester, Luke Ong, Max Schaefer
2013-02-14
Programming Languages · Computer Science
IFC Inside: Retrofitting Languages with Dynamic Information Flow Control (Extended Version)
Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell +1
2015-01-20
Cryptography and Security · Computer Science
Java File Security System (JFSS)
Dr. Brijender Kahanwal, Kanishak Dua, Dr. Girish Pal Singh
2013-11-14
Software Engineering · Computer Science
Automated Evolution of Feature Logging Statement Levels Using Git Histories and Degree of Interest
Yiming Tang, Allan Spektor, Raffi Khatchadourian, Mehdi Bagherzadeh
2022-07-20
Cryptography and Security · Computer Science
An Empirical Study of Information Flows in Real-World JavaScript
Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel +1
2019-06-28
Cryptography and Security · Computer Science
A Java Data Security Framework (JDSF) and its Case Studies
Serguei A. Mokhov, Lee Wei Huynh, Jian Li, Farid Rassai
2016-04-04
Software Engineering · Computer Science
Using Information Flow to estimate interference between developers same method contributions
Roberto Souto Maior de Barros Filho, Paulo Borba
2024-04-15
Cryptography and Security · Computer Science
Confidentiality enforcement by hybrid control of information flows
Joachim Biskup, Cornelia Tadros, Jaouad Zarouali
2017-07-27
Networking and Internet Architecture · Computer Science
A Progressive Network Management Architecture Enabled By Java Technology
Damianos Gavalas, Dominic Greenwood, Mohammed Ghanbari, Mike O'Mahony
2010-12-21
Cryptography and Security · Computer Science
IFCIL: An Information Flow Configuration Language for SELinux (Extended Version)
Lorenzo Ceragioli, Letterio Galletta, Pierpaolo Degano, David Basin
2022-06-01
Software Engineering · Computer Science
Continuous Flow Analysis to Detect Security Problems
Steven P. Reiss
2019-10-01
Programming Languages · Computer Science
Linguistic Reflection in Java
G. N. C. Kirby, R. Morrison, D. W. Stemple
2007-05-23
Software Engineering · Computer Science
jpf-concurrent: An extension of Java PathFinder for java.util.concurrent
Mateusz Ujma, Nastaran Shafiei
2015-03-20
Cryptography and Security · Computer Science
A Language for Smart Contracts with Secure Control Flow (Technical Report)
Siqiu Yao, Haobin Ni, Stephanie Ma, Noah Schiff +2
2025-04-24
Cryptography and Security · Computer Science
Secure Coding Practices in Java: Challenges and Vulnerabilities
Na Meng, Stefan Nagy, Daphne Yao, Wenjie Zhuang +1
2017-09-29
Software Engineering · Computer Science
A Study of Single Statement Bugs Involving Dynamic Language Features
Li Sui, Shawn Rasheed, Amjed Tahir, Jens Dietrich
2022-04-05
Cryptography and Security · Computer Science
A Brief Review on Some Architectures Providing Support for DIFT
Ali Jahanshahi
2019-11-14
Programming Languages · Computer Science
Pifthon: A Compile-Time Information Flow Analyzer For An Imperative Language
Sandip Ghosal, R. K. Shyamasundar
2021-03-11
Programming Languages · Computer Science
User-driven Design and Evaluation of Liquid Types in Java
Catarina Gamboa, Paulo Alexandre Santos, Christopher S. Timperley, Alcides Fonseca
2021-10-12
R2 v1 2026-06-22T07:47:00.059Z