HOME | ENGLISH | IMPRESSUM | KIT

Konferenzartikel: Checking Applications using Security APIs with JOANA

[joana15asa]Jürgen Graf, Martin Hecker, Martin Mohr, Gregor Snelting, Checking Applications using Security APIs with JOANA, July 2015. 8th International Workshop on Analysis of Security APIs

Zusammenfassung

JOANA is a tool for software security analysis, checking up to 100kLOC of full multithreaded Java. JOANA is based on sophisticated program analysis techniques and very precise. JOANA includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations, is open source, and was applied in several case studies. The current extended abstract discusses the analysis of security APIs using JOANA. In particular, we practically demonstrate a method which guarantees that code using a cryptographic API does not contain confidentiality leaks. The method is backed by a theorem from Küsters.

Download

  [PDF]   [Link]

BibTeX

Institutsinterne Autoren

Lehrstuhlinhaber
Prof. Gregor Snelting
Wissenschaftliche Mitarbeiter
Martin Hecker
Martin Mohr
Ehemalige Mitarbeiter
Dr.-Ing. Jürgen Graf

Projekte

Projekt
IFC for Mobile Components
VALSOFT/Joana