19,301 research outputs found
Sawja: Static Analysis Workshop for Java
Static analysis is a powerful technique for automatic verification of
programs but raises major engineering challenges when developing a full-fledged
analyzer for a realistic language such as Java. This paper describes the Sawja
library: a static analysis framework fully compliant with Java 6 which provides
OCaml modules for efficiently manipulating Java bytecode programs. We present
the main features of the library, including (i) efficient functional
data-structures for representing program with implicit sharing and lazy
parsing, (ii) an intermediate stack-less representation, and (iii) fast
computation and manipulation of complete programs
Using Lightweight Formal Methods for JavaScript Security
The goal of this work was to apply lightweight formal methods to the study of the security of the JavaScript language. Previous work has shown that lightweight formal methods present a new approach to the study of security in the context of the Java Virtual Machine (JVM). The current work has attempted to codify best current practices in the form of a security model for JavaScript. Such a model is a necessary component in analyzing browser actions for vulnerabilities, but it is not sufficient. It is also required to capture actual browser event traces and incorporate these into the model. The work described herein demonstrates that it is (a) possible to construct a model for JavaScript security that captures important properties of current best practices within browsers; and (b) that an event translator has been written that captures the dynamic properties of browser site traversal in such a way that model analysis is tractable, and yields important information about the satisfaction or refutation of the static security rules
- …