SlideShare uma empresa Scribd logo

Securing class initialization in java like languages

Transferir como DOCX, PDF
I
IEEEFINALYEARPROJECTS

To Get any Project for CSE, IT ECE, EEE Contact Me @ 09849539085, 09966235788 or mail us - ieeefinalsemprojects@gmail.co¬m-Visit Our Website: www.finalyearprojects.org

Tecnologia
1 de 4
Securing Class Initialization in Java-like Languages ABSTRACT: Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, little attention has been given to the impact of class initialization on information flow. This paper turns the spotlight on security implications of class initialization. We reveal the subtleties of information propagation when classes are initialized, and demonstrate how these flows can be exploited to leak information through error recovery. Our main contribution is a type-and-effect system which tracks these information flows. The type system is parameterized by an arbitrary lattice of security levels. Flows through the class hierarchy and dependencies in field initializers are tracked by typing class initializers wherever they could be executed. The contexts in which each class can be initialized are tracked to prevent insecure flows of out-of-scope contextual information through class initialization statuses and error recovery. We show that the type system enforces termination-insensitive noninterference. GLOBALSOFT TECHNOLOGIES IEEE PROJECTS & SOFTWARE DEVELOPMENTS IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS CELL: +91 98495 39085, +91 99662 35788, +91 98495 57908, +91 97014 40401 Visit: www.finalyearprojects.org Mail to:ieeefinalsemprojects@gmail.com
EXISTING SYSTEM: Language-based concepts and techniques are becoming increasingly popular in the context of security because they provide an appropriate level of abstraction for specifying and enforcing application and language-sensitive security policies. Popular examples include: 1) Java stack inspection, which enforces a stack-based access-control discipline, 2) Java byte code verification, which traverses byte code to verify type safety, and 3) web languages such as Caja, ADsafe and FBJS which use program transformation and language subsets to enforce sandboxing and separation properties. Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. There has been much recent progress on understanding information flow in languages of increasing complexity, and, consequently, information-flow security tools for languages such as Java, ML, and Ada have emerged. In particular, information flow in object-oriented languages has been an area of intensive development. However, it is surprising that the impact of class initialization, being an important aspect of object-oriented programs, has received scarce attention in the context of security. DISADVANTAGES OF EXISTING SYSTEM: Complexity is introduced by exceptions raised during initialization, as these can be exploited to leak secret information. The key issue is that class initialization may perform side effects (such as opening a file or updating the memory). The side effects may be exploited by the attacker who may deduce from these side effects which classes have (not) been initialized, which is sometimes sufficient to learn secret information.
PROPOSED SYSTEM: We propose a formalization that illustrates how to track information flow in presence of class initialization by a type-and-effect system for a simple language. By ensuring that the initialization (or success thereof) of a class containing public fields in no way depends on the evaluation of an expression (or success thereof) containing secret data, the type-and-effect system guarantees security in a form of noninterference. Informally, noninterference guarantees that a program’s public outputs are independent of secret inputs. A key intricacy here is that of class dependencies: An initialization of one class can cause the initialization of other classes. The only approach we are aware of that actually considers class initialization in the context of information-flow security is Jif ADVANTAGES OF PROPOSED SYSTEM: Jif’s restrictions on initialization code are rather severe: only simple constant manipulations, which cannot raise exceptions, are allowed. Our treatment of class initialization is more liberal than Jif’s and yet we demonstrate that it is secure. We argue that this liberty is desirable in scenarios such as server-side code. SYSTEM CONFIGURATION:- HARDWARE CONFIGURATION:-  Processor - Pentium –IV  Speed - 1.1 Ghz  RAM - 256 MB(min)  Hard Disk - 20 GB  Key Board - Standard Windows Keyboard  Mouse - Two or Three Button Mouse  Monitor - SVGA
SOFTWARE CONFIGURATION:-  Operating System : Windows XP  Programming Language : JAVA  Java Version : JDK 1.6 & above. REFERENCE: Willard Rafnsson, Keiko Nakata, and Andrei Sabelfeld-“Securing Class Initialization in Java- like Languages”-IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 10, NO. 1, JANUARY/FEBRUARY 2013

Recomendados

Securing class initialization in java like languages
Securing class initialization in java like languagesSecuring class initialization in java like languages
Securing class initialization in java like languagesJPINFOTECH JAYAPRAKASH
 
Security+
Security+Security+
Security+bestip
 
Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02frank4dd
 
Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Papitha Velumani
 
Secure Software
Secure SoftwareSecure Software
Secure SoftwareNabin Shakya
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Web App Sec Benchmarks
Web App Sec BenchmarksWeb App Sec Benchmarks
Web App Sec BenchmarksAung Khant
 
Penetration testing tools and phases
Penetration testing tools and phasesPenetration testing tools and phases
Penetration testing tools and phasesTestingXperts
 

Recomendados

Securing class initialization in java like languages
Securing class initialization in java like languagesSecuring class initialization in java like languages
Securing class initialization in java like languagesJPINFOTECH JAYAPRAKASH
 
Security+
Security+Security+
Security+bestip
 
Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02Frank Migge It Security Patch Monitoring With Nagios 02
Frank Migge It Security Patch Monitoring With Nagios 02frank4dd
 
Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Papitha Velumani
 
Secure Software
Secure SoftwareSecure Software
Secure SoftwareNabin Shakya
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Web App Sec Benchmarks
Web App Sec BenchmarksWeb App Sec Benchmarks
Web App Sec BenchmarksAung Khant
 
Penetration testing tools and phases
Penetration testing tools and phasesPenetration testing tools and phases
Penetration testing tools and phasesTestingXperts
 
Tesina Sobri
Tesina SobriTesina Sobri
Tesina SobriAbraham Domínguez Cuña
 
cyber security career guide.pdf
cyber security career guide.pdfcyber security career guide.pdf
cyber security career guide.pdfDivyaSharma512960
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Become a Penetration Tester
Become a Penetration TesterBecome a Penetration Tester
Become a Penetration TesterSagarMajzumdar
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...UltraUploader
 
A comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesA comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesJOHN ELEKWA
 
Comparable entity mining from comparative questions
Comparable entity mining from comparative questionsComparable entity mining from comparative questions
Comparable entity mining from comparative questionsIEEEFINALYEARPROJECTS
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsIEEEFINALYEARPROJECTS
 
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...IEEEFINALYEARPROJECTS
 
Fast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsFast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsIEEEFINALYEARPROJECTS
 
Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sLinaCovington707
 
Security in Java
Security in JavaSecurity in Java
Security in JavaSiddharth Coontoor
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemCSCJournals
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureMohit Rampal
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blockerakila_mano
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMScscpconf
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksahmad abdelhafeez
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationA Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationJoe Osborn
 
Advanced Java
Advanced JavaAdvanced Java
Advanced JavaHossein Mobasher
 

Mais conteúdo relacionado

Mais procurados

cyber security career guide.pdf
cyber security career guide.pdfcyber security career guide.pdf
cyber security career guide.pdfDivyaSharma512960
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Become a Penetration Tester
Become a Penetration TesterBecome a Penetration Tester
Become a Penetration TesterSagarMajzumdar
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...UltraUploader
 
A comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesA comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesJOHN ELEKWA
 

Mais procurados (6)

Tesina Sobri
Tesina SobriTesina Sobri
Tesina Sobri
 
cyber security career guide.pdf
cyber security career guide.pdfcyber security career guide.pdf
cyber security career guide.pdf
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Become a Penetration Tester
Become a Penetration TesterBecome a Penetration Tester
Become a Penetration Tester
 
An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...An analysis of how antivirus methodologies are utilized in protecting compute...
An analysis of how antivirus methodologies are utilized in protecting compute...
 
A comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologiesA comparative analysis of current intrusion detection technologies
A comparative analysis of current intrusion detection technologies
 

Destaque

Comparable entity mining from comparative questions
Comparable entity mining from comparative questionsComparable entity mining from comparative questions
Comparable entity mining from comparative questionsIEEEFINALYEARPROJECTS
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsIEEEFINALYEARPROJECTS
 
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologiesIEEEFINALYEARPROJECTS
 
A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...IEEEFINALYEARPROJECTS
 
Fast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsFast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsIEEEFINALYEARPROJECTS
 

Destaque (6)

Comparable entity mining from comparative questions
Comparable entity mining from comparative questionsComparable entity mining from comparative questions
Comparable entity mining from comparative questions
 
Privacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public cloudsPrivacy preserving delegated access control in public clouds
Privacy preserving delegated access control in public clouds
 
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
2013 2014 ieee finalyear btech mtech dotnet projects richbraintechnologies
 
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
2012 2013 ieee finalyear btech mtech java projects richbraintechnologies
 
A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...A stochastic model to investigate data center performance and qo s in iaas cl...
A stochastic model to investigate data center performance and qo s in iaas cl...
 
Fast nearest neighbor search with keywords
Fast nearest neighbor search with keywordsFast nearest neighbor search with keywords
Fast nearest neighbor search with keywords
 

Semelhante a Securing class initialization in java like languages

Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sLinaCovington707
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemCSCJournals
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureMohit Rampal
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blockerakila_mano
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMScscpconf
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksahmad abdelhafeez
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationA Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationJoe Osborn
 
Java: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s MarketJava: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s MarketUncodemy
 
Module 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applicationsModule 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applicationsEwenBenana
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewallsSapna Kumari
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Alexander Decker
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Alexander Decker
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...IJNSA Journal
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideAryan G
 

Semelhante a Securing class initialization in java like languages (20)

Defensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive sDefensive coding practices is one of the most critical proactive s
Defensive coding practices is one of the most critical proactive s
 
Security in Java
Security in JavaSecurity in Java
Security in Java
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert System
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical Infrastructure
 
10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker10. sig free a signature free buffer overflow attack blocker
10. sig free a signature free buffer overflow attack blocker
 
WIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMSWIRELESS COMPUTING AND IT ECOSYSTEMS
WIRELESS COMPUTING AND IT ECOSYSTEMS
 
Sdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networksSdn pres v2-Software-defined networks
Sdn pres v2-Software-defined networks
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountability
 
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler OptimizationA Verifiable SSA Program Representation For Aggressive Compiler Optimization
A Verifiable SSA Program Representation For Aggressive Compiler Optimization
 
Advanced Java
Advanced JavaAdvanced Java
Advanced Java
 
Only Abstract
Only AbstractOnly Abstract
Only Abstract
 
Java: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s MarketJava: A Secure Programming Language for Today’s Market
Java: A Secure Programming Language for Today’s Market
 
Module 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applicationsModule 4 qui parle de la sécurisation des applications
Module 4 qui parle de la sécurisation des applications
 
network security, group policy and firewalls
network security, group policy and firewallsnetwork security, group policy and firewalls
network security, group policy and firewalls
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...Performance evaluation of network security protocols on open source and micro...
Performance evaluation of network security protocols on open source and micro...
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
 
Sapna ppt
Sapna pptSapna ppt
Sapna ppt
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
 

Mais de IEEEFINALYEARPROJECTS

Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsIEEEFINALYEARPROJECTS
 
Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsIEEEFINALYEARPROJECTS
 
Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...IEEEFINALYEARPROJECTS
 
Reversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferReversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferIEEEFINALYEARPROJECTS
 
Query adaptive image search with hash codes
Query adaptive image search with hash codesQuery adaptive image search with hash codes
Query adaptive image search with hash codesIEEEFINALYEARPROJECTS
 
Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...IEEEFINALYEARPROJECTS
 
Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...IEEEFINALYEARPROJECTS
 
An access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la nsAn access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la nsIEEEFINALYEARPROJECTS
 
Towards differential query services in cost efficient clouds
Towards differential query services in cost efficient cloudsTowards differential query services in cost efficient clouds
Towards differential query services in cost efficient cloudsIEEEFINALYEARPROJECTS
 
Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...IEEEFINALYEARPROJECTS
 
Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...IEEEFINALYEARPROJECTS
 
Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...IEEEFINALYEARPROJECTS
 
Harnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing largeHarnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing largeIEEEFINALYEARPROJECTS
 
Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...IEEEFINALYEARPROJECTS
 
Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...IEEEFINALYEARPROJECTS
 
Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...IEEEFINALYEARPROJECTS
 
A secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationA secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationIEEEFINALYEARPROJECTS
 
Utility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approachUtility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approachIEEEFINALYEARPROJECTS
 
Two tales of privacy in online social networks
Two tales of privacy in online social networksTwo tales of privacy in online social networks
Two tales of privacy in online social networksIEEEFINALYEARPROJECTS
 

Mais de IEEEFINALYEARPROJECTS (20)

Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewords
 
Scalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewordsScalable face image retrieval using attribute enhanced sparse codewords
Scalable face image retrieval using attribute enhanced sparse codewords
 
Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...Reversible watermarking based on invariant image classification and dynamic h...
Reversible watermarking based on invariant image classification and dynamic h...
 
Reversible data hiding with optimal value transfer
Reversible data hiding with optimal value transferReversible data hiding with optimal value transfer
Reversible data hiding with optimal value transfer
 
Query adaptive image search with hash codes
Query adaptive image search with hash codesQuery adaptive image search with hash codes
Query adaptive image search with hash codes
 
Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...Noise reduction based on partial reference, dual-tree complex wavelet transfo...
Noise reduction based on partial reference, dual-tree complex wavelet transfo...
 
Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...Local directional number pattern for face analysis face and expression recogn...
Local directional number pattern for face analysis face and expression recogn...
 
An access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la nsAn access point based fec mechanism for video transmission over wireless la ns
An access point based fec mechanism for video transmission over wireless la ns
 
Towards differential query services in cost efficient clouds
Towards differential query services in cost efficient cloudsTowards differential query services in cost efficient clouds
Towards differential query services in cost efficient clouds
 
Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...Spoc a secure and privacy preserving opportunistic computing framework for mo...
Spoc a secure and privacy preserving opportunistic computing framework for mo...
 
Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...Secure and efficient data transmission for cluster based wireless sensor netw...
Secure and efficient data transmission for cluster based wireless sensor netw...
 
Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...Privacy preserving back propagation neural network learning over arbitrarily ...
Privacy preserving back propagation neural network learning over arbitrarily ...
 
Non cooperative location privacy
Non cooperative location privacyNon cooperative location privacy
Non cooperative location privacy
 
Harnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing largeHarnessing the cloud for securely outsourcing large
Harnessing the cloud for securely outsourcing large
 
Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...Geo community-based broadcasting for data dissemination in mobile social netw...
Geo community-based broadcasting for data dissemination in mobile social netw...
 
Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...Enabling data dynamic and indirect mutual trust for cloud computing storage s...
Enabling data dynamic and indirect mutual trust for cloud computing storage s...
 
Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...Dynamic resource allocation using virtual machines for cloud computing enviro...
Dynamic resource allocation using virtual machines for cloud computing enviro...
 
A secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creationA secure protocol for spontaneous wireless ad hoc networks creation
A secure protocol for spontaneous wireless ad hoc networks creation
 
Utility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approachUtility privacy tradeoff in databases an information-theoretic approach
Utility privacy tradeoff in databases an information-theoretic approach
 
Two tales of privacy in online social networks
Two tales of privacy in online social networksTwo tales of privacy in online social networks
Two tales of privacy in online social networks
 

Último

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Securing class initialization in java like languages

  • 1. Securing Class Initialization in Java-like Languages ABSTRACT: Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. Although much progress has been made on understanding information flow in object-oriented programs, little attention has been given to the impact of class initialization on information flow. This paper turns the spotlight on security implications of class initialization. We reveal the subtleties of information propagation when classes are initialized, and demonstrate how these flows can be exploited to leak information through error recovery. Our main contribution is a type-and-effect system which tracks these information flows. The type system is parameterized by an arbitrary lattice of security levels. Flows through the class hierarchy and dependencies in field initializers are tracked by typing class initializers wherever they could be executed. The contexts in which each class can be initialized are tracked to prevent insecure flows of out-of-scope contextual information through class initialization statuses and error recovery. We show that the type system enforces termination-insensitive noninterference. GLOBALSOFT TECHNOLOGIES IEEE PROJECTS & SOFTWARE DEVELOPMENTS IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS CELL: +91 98495 39085, +91 99662 35788, +91 98495 57908, +91 97014 40401 Visit: www.finalyearprojects.org Mail to:ieeefinalsemprojects@gmail.com
  • 2. EXISTING SYSTEM: Language-based concepts and techniques are becoming increasingly popular in the context of security because they provide an appropriate level of abstraction for specifying and enforcing application and language-sensitive security policies. Popular examples include: 1) Java stack inspection, which enforces a stack-based access-control discipline, 2) Java byte code verification, which traverses byte code to verify type safety, and 3) web languages such as Caja, ADsafe and FBJS which use program transformation and language subsets to enforce sandboxing and separation properties. Language-based information-flow security is concerned with specifying and enforcing security policies for information flow via language constructs. There has been much recent progress on understanding information flow in languages of increasing complexity, and, consequently, information-flow security tools for languages such as Java, ML, and Ada have emerged. In particular, information flow in object-oriented languages has been an area of intensive development. However, it is surprising that the impact of class initialization, being an important aspect of object-oriented programs, has received scarce attention in the context of security. DISADVANTAGES OF EXISTING SYSTEM: Complexity is introduced by exceptions raised during initialization, as these can be exploited to leak secret information. The key issue is that class initialization may perform side effects (such as opening a file or updating the memory). The side effects may be exploited by the attacker who may deduce from these side effects which classes have (not) been initialized, which is sometimes sufficient to learn secret information.
  • 3. PROPOSED SYSTEM: We propose a formalization that illustrates how to track information flow in presence of class initialization by a type-and-effect system for a simple language. By ensuring that the initialization (or success thereof) of a class containing public fields in no way depends on the evaluation of an expression (or success thereof) containing secret data, the type-and-effect system guarantees security in a form of noninterference. Informally, noninterference guarantees that a program’s public outputs are independent of secret inputs. A key intricacy here is that of class dependencies: An initialization of one class can cause the initialization of other classes. The only approach we are aware of that actually considers class initialization in the context of information-flow security is Jif ADVANTAGES OF PROPOSED SYSTEM: Jif’s restrictions on initialization code are rather severe: only simple constant manipulations, which cannot raise exceptions, are allowed. Our treatment of class initialization is more liberal than Jif’s and yet we demonstrate that it is secure. We argue that this liberty is desirable in scenarios such as server-side code. SYSTEM CONFIGURATION:- HARDWARE CONFIGURATION:-  Processor - Pentium –IV  Speed - 1.1 Ghz  RAM - 256 MB(min)  Hard Disk - 20 GB  Key Board - Standard Windows Keyboard  Mouse - Two or Three Button Mouse  Monitor - SVGA
  • 4. SOFTWARE CONFIGURATION:-  Operating System : Windows XP  Programming Language : JAVA  Java Version : JDK 1.6 & above. REFERENCE: Willard Rafnsson, Keiko Nakata, and Andrei Sabelfeld-“Securing Class Initialization in Java- like Languages”-IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 10, NO. 1, JANUARY/FEBRUARY 2013