Abstract
Software security has become more important than ever. Unfortunately, still now, the security of a software system is almost always retrofitted to an afterthought. When security problems arise, understanding and correcting them can be very challenging. On the one hand, the program analysis research community has created numerous static and dynamic analysis tools for performance optimization and bug detection in object-oriented programs. On the other hand, the security and privacy research community has been looking for solutions to automatically detect security problems, privacy violations, and access-control requirements of object-oriented programs. The purpose of the First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), was to bring together members of the academic and industrial communities interested in applying analysis, testing, and verification to security and privacy problems, and to encourage program analysis researchers to see the applicability of their work to security and privacy—an area of research that still needs a lot of exploration. This paper summarizes the discussions and contributions of the PASSWORD workshop.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Centonze, P., et al.: Role-Based Access Control Consistency Validation. In: Proceedings of the International Symposium on Software Testing and Analysis (ISSTA ’06), Portland, Maine, USA, July (2006)
Freeman, A., Jones, A.: Programming.NET Security. O’Reilly & Associates, Inc., Sebastopol (June 2003)
Gopalakrishna, R., Spafford, E.H., Vitek, J.: Efficient Intrusion Detection Using Automaton Inlining. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2005, pp. 18–31. IEEE Computer Society Press, Los Alamitos (2005)
Grandy, H., Stenzel, K., Reif, W.: Refinement of Security Protocol Data Types to Java. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)
Hammer, C., Krinke, J., Snelting, G.: Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In: Proceedings of IEEE International Symposium on Secure Software Engineering, Arlington, Virginia, USA, IEEE Computer Society Press, Los Alamitos (2006)
Koved, L., Pistoia, M., Kershenbaum, A.: Access Rights Analysis for Java. In: Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, Seattle, WA, USA, November 2002, pp. 359–372. ACM Press, New York (2002), doi:10.1145/582419.582452
Li, W., Lam, L.-c., Chiueh, T.-c.: Application Specific Sandboxing for Win32/Intel Binaries. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)
Logozzo, F.: Class-level modular analysis for object oriented languages. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, Springer, Heidelberg (2003)
Logozzo, F.: Automatic inference of class invariants. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, Springer, Heidelberg (2004)
Naumovich, G.: A Conservative Algorithm for Computing the Flow of Permissions in Java Programs. In: Proceedings of the International Symposium on Software Testing and Analysis (ISSTA ’02), Rome, Italy, July, pp. 33–43 (2002)
Naumovich, G., Centonze, P.: Static Analysis of Role-Based Access Control in J2EE Applications. SIGSOFT Software Engineering Notes 29(5), 1–10 (2004), doi:10.1145/1022494.1022530
Nguyen, N., Rathke, J.: Typed Static Analysis for Concurrent, Policy-Based, Resource Access Control. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)
Pistoia, M.: Keynote: Static Analysis for Stack-Inspection and Role-Based Access Control Systems. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)
Pistoia, M., Fink, S.J., Flynn, R.J., Yahav, E.: When Role Models Have Flaws: Static Validation of Enterprise Security Policies. Technical Report RC24056 (W0609-065), IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, USA (September 2006)
Pistoia, M., Flynn, R.J.: Interprocedural Analysis for Automatic Evaluation of Role-Based Access Control Policies. Technical Report RC23846 (W0511-020), IBM Corporation, Thomas J. Watson Research Center, Yorktown Heights, NY, USA (November 2005)
Pistoia, M., et al.: Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol. 3586, Springer, Heidelberg (2005)
Pistoia, M., et al.: Enterprise Java Security. Addison-Wesley, Reading (February 2004)
Pistoia, M., et al.: Java 2 Network Security, 2nd edn. Prentice Hall PTR, Upper Saddle River (August 1999)
Saltzer, J.H., Schroeder, M.D.: The Protection of Information in Computer Systems. Proceedings of the IEEE 63, 1278–1308 (1975)
Vitek, J.: Keynote: Advance in Intrusion Detection. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)
Yin, J., et al.: On Estimating the Security Risks of Composite Software Services. In: First Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), co-located with the Twentieth European Conference on Object-Oriented Programming (ECOOP 2006), Nantes, France, July (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Pistoia, M., Logozzo, F. (2007). Program Analysis for Security and Privacy. In: Südholt, M., Consel, C. (eds) Object-Oriented Technology. ECOOP 2006 Workshop Reader. ECOOP 2006. Lecture Notes in Computer Science, vol 4379. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71774-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-71774-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71772-0
Online ISBN: 978-3-540-71774-4
eBook Packages: Computer ScienceComputer Science (R0)