Conference Papers: Checking Applications using Security APIs with JOANA

[joana15asa] Jürgen Graf, Martin Hecker, Martin Mohr, Gregor Snelting, Checking Applications using Security APIs with JOANA, July 2015. 8th International Workshop on Analysis of Security APIs.

Abstract

JOANA is a tool for software security analysis, checking up to 100 kLOC of full multithreaded Java. JOANA is based on sophisticated program analysis techniques and is very precise. JOANA includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations, is open source, and was applied in several case studies. The current extended abstract discusses the analysis of security APIs using JOANA. In particular, we practically demonstrate a method which guarantees that code using a cryptographic API does not contain confidentiality leaks. The method is backed by a theorem from Küsters.

Authors at the institute

Department Head: Prof. Gregor Snelting
Former Staff Members: Dr.-Ing. Jürgen Graf; Dipl.-Inf. Univ. Martin Hecker; Dipl.-Math. Dipl.-Inform. Martin Mohr

Projects

Project
IFC for Mobile Components
VALSOFT/Joana