A context-sensitive security type system for Java

Authors
Kaiser, Benjamin
ORCID
Loading...
Thumbnail Image
Other Contributors
Milanova, Ana
Yener, Bülent, 1959-
Varela, Carlos A.
Issue Date
2015-05
Keywords
Computer science
Degree
MS
Terms of Use
Attribution-NonCommercial-NoDerivs 3.0 United States
This electronic version is a licensed copy owned by Rensselaer Polytechnic Institute, Troy, NY. Copyright of original work retained by author.
Full Citation
Abstract
This thesis presents the theoretical framework for A context-sensitive security type system for Java programs. The primary contribution is JSec, a two-stage protocol that prepares a program containing sensitive data to safely run on an untrusted machine. Given the program and a subset of its variables declared as sensitive, JSec first tracks information flow in order to infer what additional variables must be considered sensitive in order to ensure confidentiality of data. The use of a polymorphic type in this stage permits context-sensitivity, which allows us to type check a very broad class of Java programs. In the second stage, the sensitive variables determined in the first stage are encrypted using homomorphic encryption schemes that allow operations to be computed over ciphertexts. The final program can be safely executed by an untrusted host but must defer to a trusted host for key management, encryption, and decryption.
Existing cryptographic schemes can easily protect sensitive data in transit and while in storage. When it becomes necessary to compute over that data, there are a wide variety of cryptographic and language-based solutions that protect the data in different ways and from different adversaries. However, to date, there are few practical schemes that can fully guarantee the security of sensitive data when an untrusted machine performs operations over it.
Description
May 2015
School of Science
Department
Dept. of Computer Science
Publisher
Rensselaer Polytechnic Institute, Troy, NY
Relationships
Rensselaer Theses and Dissertations Online Collection
Access
CC BY-NC-ND. Users may download and share copies with attribution in accordance with a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License. No commercial use or derivatives are permitted without the explicit approval of the author.