To Get any Project for CSE, IT ECE, EEE Contact Me @ 09849539085, 09966235788 or mail us - ieeefinalsemprojects@gmail.co¬m-Visit Our Website: www.finalyearprojects.org
Scaling API-first – The story of a global engineering organization
Securing class initialization in java like languages
1. Securing Class Initialization in Java-like Languages
ABSTRACT:
Language-based information-flow security is concerned with specifying and enforcing security
policies for information flow via language constructs. Although much progress has been made
on understanding information flow in object-oriented programs, little attention has been given
to the impact of class initialization on information flow. This paper turns the spotlight on
security implications of class initialization. We reveal the subtleties of information propagation
when classes are initialized, and demonstrate how these flows can be exploited to leak
information through error recovery. Our main contribution is a type-and-effect system which
tracks these information flows. The type system is parameterized by an arbitrary lattice of
security levels. Flows through the class hierarchy and dependencies in field initializers are
tracked by typing class initializers wherever they could be executed. The contexts in which each
class can be initialized are tracked to prevent insecure flows of out-of-scope contextual
information through class initialization statuses and error recovery. We show that the type
system enforces termination-insensitive noninterference.
GLOBALSOFT TECHNOLOGIES
IEEE PROJECTS & SOFTWARE DEVELOPMENTS
IEEE FINAL YEAR PROJECTS|IEEE ENGINEERING PROJECTS|IEEE STUDENTS PROJECTS|IEEE
BULK PROJECTS|BE/BTECH/ME/MTECH/MS/MCA PROJECTS|CSE/IT/ECE/EEE PROJECTS
CELL: +91 98495 39085, +91 99662 35788, +91 98495 57908, +91 97014 40401
Visit: www.finalyearprojects.org Mail to:ieeefinalsemprojects@gmail.com
2. EXISTING SYSTEM:
Language-based concepts and techniques are becoming increasingly popular in the context of
security because they provide an appropriate level of abstraction for specifying and enforcing
application and language-sensitive security policies. Popular examples include: 1) Java stack
inspection, which enforces a stack-based access-control discipline, 2) Java byte code
verification, which traverses byte code to verify type safety, and 3) web languages such as Caja,
ADsafe and FBJS which use program transformation and language subsets to enforce
sandboxing and separation properties.
Language-based information-flow security is concerned with specifying and enforcing security
policies for information flow via language constructs. There has been much recent progress on
understanding information flow in languages of increasing complexity, and, consequently,
information-flow security tools for languages such as Java, ML, and Ada have emerged. In
particular, information flow in object-oriented languages has been an area of intensive
development. However, it is surprising that the impact of class initialization, being an important
aspect of object-oriented programs, has received scarce attention in the context of security.
DISADVANTAGES OF EXISTING SYSTEM:
Complexity is introduced by exceptions raised during initialization, as these can be
exploited to leak secret information.
The key issue is that class initialization may perform side effects (such as opening a file
or updating the memory). The side effects may be exploited by the attacker who may
deduce from these side effects which classes have (not) been initialized, which is
sometimes sufficient to learn secret information.
3. PROPOSED SYSTEM:
We propose a formalization that illustrates how to track information flow in presence of class
initialization by a type-and-effect system for a simple language. By ensuring that the
initialization (or success thereof) of a class containing public fields in no way depends on the
evaluation of an expression (or success thereof) containing secret data, the type-and-effect
system guarantees security in a form of noninterference. Informally, noninterference guarantees
that a program’s public outputs are independent of secret inputs. A key intricacy here is that of
class dependencies: An initialization of one class can cause the initialization of other classes.
The only approach we are aware of that actually considers class initialization in the context of
information-flow security is Jif
ADVANTAGES OF PROPOSED SYSTEM:
Jif’s restrictions on initialization code are rather severe: only simple constant manipulations,
which cannot raise exceptions, are allowed. Our treatment of class initialization is more liberal
than Jif’s and yet we demonstrate that it is secure. We argue that this liberty is desirable in
scenarios such as server-side code.
SYSTEM CONFIGURATION:-
HARDWARE CONFIGURATION:-
Processor - Pentium –IV
Speed - 1.1 Ghz
RAM - 256 MB(min)
Hard Disk - 20 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
4. SOFTWARE CONFIGURATION:-
Operating System : Windows XP
Programming Language : JAVA
Java Version : JDK 1.6 & above.
REFERENCE:
Willard Rafnsson, Keiko Nakata, and Andrei Sabelfeld-“Securing Class Initialization in Java-
like Languages”-IEEE TRANSACTIONS ON DEPENDABLE AND SECURE
COMPUTING, VOL. 10, NO. 1, JANUARY/FEBRUARY 2013