English
Related papers

Related papers: Enforcing Secure Object Initialization in Java

200 papers

In this report, we examine Jif, a Java extension which augments the language with features related to security. Jif adds support for security labels to Java's type system such that the developer can specify confidentiality and integrity…

Programming Languages · Computer Science 2014-12-31 Kyle Pullicino

In this paper we use pre existing language support for type modifiers and object capabilities to enable a system for sound runtime verification of invariants. Our system guarantees that class invariants hold for all objects involved in…

Programming Languages · Computer Science 2019-02-28 Isaac Oscar Gariano , Marco Servetto , Alex Potanin

A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the…

Cryptography and Security · Computer Science 2007-05-23 James A. Hoagland , Raju Pandey , Karl N. Levitt

Safety Critical Java (SCJ) is a profile of the Real-Time Specification for Java that brings to the safety-critical industry the possibility of using Java. SCJ defines three compliance levels: Level 0, Level 1 and Level 2. The SCJ…

Software Engineering · Computer Science 2018-05-29 Matt Luckcuck , Andy Wellings , Ana Cavalcanti

This paper explores the effectiveness of modular randomized testing for object oriented programs in Java. Modular testing involves testing individual components of a program in isolation. Often times, for effective test generation, a series…

Software Engineering · Computer Science 2026-05-06 Elizabeth Dinella

Web applications are becoming an essential part of our everyday lives. Many of our activities are dependent on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as…

Software Engineering · Computer Science 2010-09-21 Raymond Mui , Phyllis Frankl

We present in this paper a new type and effect system for Java which can be used to ensure adherence to guidelines for secure web programming. The system is based on the region and effect system by Beringer, Grabowski, and Hofmann. It…

Programming Languages · Computer Science 2018-01-24 Serdar Erbatur , Martin Hofmann , Eugen Zalinescu

In software engineering (SE) tasks, the naming approach is so important that it attracts many scholars from all over the world to study how to improve the quality of method names. To accurately recommend method names, we employ a novel…

Software Engineering · Computer Science 2022-01-25 Weidong Wang , Dian Li , Yujian Kang

Unit tests are widely used to check source code quality, but they can be too coarse-grained or ill-suited for testing individual program statements. We introduce inline tests to make it easier to check for faults in statements. We motivate…

Software Engineering · Computer Science 2022-09-15 Yu Liu , Pengyu Nie , Owolabi Legunsen , Milos Gligoric

Aliasing is a known source of challenges in the context of imperative object-oriented languages, which have led to important advances in type systems for aliasing control. However, their large-scale adoption has turned out to be a…

Programming Languages · Computer Science 2016-07-26 Philipp Haller , Alexandre Loiko

Identity Management is becoming more and more important in business systems as they are opened for third parties including trading partners, consumers and suppliers. This paper presents an approach securing a system without any knowledge of…

Cryptography and Security · Computer Science 2007-05-23 Nicolai Kuntze , Thomas Rauch , Andreas U. Schmidt

Organizations struggle to handle sheer number of vulnerabilities in their cloud environments. The de facto methodology used for prioritizing vulnerabilities is to use Common Vulnerability Scoring System (CVSS). However, CVSS has inherent…

Cryptography and Security · Computer Science 2022-06-23 Muhammed Fatih Bulut , Abdulhamid Adebayo , Daby Sow , Steve Ocepek

Programming languages often demarcate the internal sandbox, consisting of entities such as objects and variables, from the outside world, e.g., files or network. Although communication with the external world poses fundamental challenges…

Software Engineering · Computer Science 2023-06-22 Matúš Sulír , Sergej Chodarev , Milan Nosáľ

Rust is a modern systems programming language whose type system guarantees memory safety. For the sake of expressivity and performance it allows programmers to relax typing rules temporarily, using unsafe code blocks. However, in unsafe…

Logic in Computer Science · Computer Science 2022-12-27 Nima Rahimi Foroushaani , Bart Jacobs

We introduce a novel type system for enforcing secure information flow in an imperative language. Our work is motivated by the problem of statically checking potential information leakage in Android applications. To this end, we design a…

Programming Languages · Computer Science 2017-09-28 Hongxu Chen , Alwen Tiu , Zhiwu Xu , Yang Liu

Soundness of a type system is a fundemental property that guarantees that no operation that is not supported by a value will be performed on that value at run time. A type checker for a sound type system is expected to issue a warning on…

Programming Languages · Computer Science 2024-08-21 Elad Kinsbruner , Hila Peleg , Shachar Itzhaky

We propose a new formal criterion for evaluating secure compilation schemes for unsafe languages, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior---for…

Large Language Models (LLMs) are increasingly deployed in agentic systems that interact with an external environment; this makes them susceptible to prompt injections when dealing with untrusted data. To overcome this limitation, we propose…

Cryptography and Security · Computer Science 2026-01-21 Nils Philipp Walter , Chawin Sitawarin , Jamie Hayes , David Stutz , Ilia Shumailov

Black-box adversarial attacks have demonstrated strong potential to compromise machine learning models by iteratively querying the target model or leveraging transferability from a local surrogate model. Recently, such attacks can be…

Machine Learning · Computer Science 2024-09-09 Hanbin Hong , Xinyu Zhang , Binghui Wang , Zhongjie Ba , Yuan Hong

An application security has two primary goals: first, it is intended to prevent unauthorised personnel from accessing information at higher classification than their authorisation. Second, it is intended to prevent personnel from…

Cryptography and Security · Computer Science 2010-06-24 Kotrappa Sirbi , Prakash Jayanth Kulkarni