Abstract
The security of a software system is almost always retrofitted to an afterthought. When security problems arise, understanding and correcting them can be very challenging. On the one hand, the program-analysis and programming-languages research community has created numerous static and dynamic analysis tools for performance optimization and bug detection in object-oriented programs. On the other hand, the security and privacy research community has been looking for solutions to automatically detect security problems, information-flow violations, and access-control requirements in object-oriented programs. This tutorial discusses advantages and disadvantages of static and dynamic analysis for automated detection of security problems such as access-control violations and information-flow vulnerabilities.
Similar content being viewed by others
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pistoia, M. (2008). Program Analysis and Programming Languages for Security. In: Logozzo, F., Peled, D.A., Zuck, L.D. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2008. Lecture Notes in Computer Science, vol 4905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78163-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-540-78163-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78162-2
Online ISBN: 978-3-540-78163-9
eBook Packages: Computer ScienceComputer Science (R0)