The overall goal is to develop tools and other infrastructure to support research and teaching with the Java Modeling Language (JML). Security is one of the areas where JML has been most successfully applied. The specific goal of this summer research project is to integrate one of the JML analysis tools (static verifier) with a lightweight type-based security analyzer, to provide formal specification and verification of information flow policies that include conditional downgrading. Downgrading encompasses declassification of secrets and endorsement of untrusted inputs, but for research purposes we will focus on declassification.

The type-based security analyzer, SecJ, was developed by Naumann’s PhD student Qi Sun as part of his dissertation. The prototype system is available online. This work was funded by another NSF award, and in that project we also devised a technique called conditional gradual release (CGR) for specifying and verifying downgrading policies [2, 1]. However, it has not yet been implemented. This summer undergraduate research project will incorporate CGR policies and enforcement into SecJ. In particular, the student will continue development of the SecJ tool b