Read Paper (in PDF)
Michael Franz
University of California, Irvine
USA
Deepak Chandra
University of California, Irvine
USA
We have implemented an information flow framework for the Java Virtual Machine that combines static and dynamic techniques to capture not only explicit flows, but also implicit ones resulting from control flow. Ahead of execution, we run a static analysis that annotates an executable. During execution, we then dynamically track information flows while using the annotations to safely update the labels of variables that lie in alternative paths of execution. Our framework doesn't require access to source code and is fully backward-compatible with existing Java class files. Preliminary benchmark results suggest that the run-time overhead of information flow techniques such as ours is well within acceptable range for many application domains.
Keywords: information flow, java virtual machine