3 research outputs found
LJGS: Gradual Security Types for Object-Oriented Languages (Artifact)
JGS-check is the accompanying artifact to "LJGS: Gradual Security Types for Object-Oriented Languages". LJGS is a Java-like language with gradual security typing. It features a constraint based information flow type system that includes a type dynamic and type casts. Dynamically typed fragments are liberally accepted by the type checker and rely on run-time enforcement for security. JGS-check is a type checker for the subset of Java that corresponds to the calculus presented in the paper and that implements the constraint generation and satisfiability checks of LJGS\u27 type system. It\u27s purpose is to illustrate and substantiate the behavior of our gradual security type system. It takes a directory of Java source code as input and reports methods that violate the typing rules. JGS-check is merely a type checker and does not implement code generation.
The submission archive includes the compiled type checker, the code of the example section (Section 2) as well additional examples and testcases that did not fit into the paper. The user should also be able to check custom code as long as it corresponds the subset of Java that is covered by LJGS
LJGS: Gradual Security Types for Object-Oriented Languages
LJGS is a lightweight Java core calculus with a gradual security type system. The calculus guarantees secure information flow for
sequential, class-based, typed object-oriented programming with
mutable objects and virtual method calls. An LJGS program is
composed of fragments that are checked either statically or
dynamically. Statically checked fragments adhere to a security type
system so that they incur no run-time penalty whereas dynamically
checked fragments rely on run-time security labels. The programmer
marks the boundaries between static and dynamic checking with casts
so that it is always clear whether a program fragment requires
run-time checks. LJGS requires security annotations on fields and
methods. A field annotation either specifies a fixed static
security level or it prescribes dynamic checking. A method
annotation specifies a constrained polymorphic security signature.
The types of local variables in method bodies are analyzed
flow-sensitively and require no annotation. The dynamic checking of
fields relies on a static points-to analysis to approximate implicit
flows. We prove type soundness and non-interference for LJGS