[joana15asa] Jürgen Graf, Martin Hecker, Martin Mohr, Gregor Snelting, Checking Applications using Security APIs with JOANA, July 2015.
8th International Workshop on Analysis of Security APIs
Abstract
JOANA is a tool for software security analysis, checking up to 100kLOC of full multithreaded Java. JOANA is based on sophisticated program analysis techniques and is very precise. JOANA includes a new algorithm guaranteeing probabilistic noninterference, named RLSOD. JOANA needs few annotations, is open source, and has been applied in several case studies. This extended abstract discusses the analysis of security APIs using JOANA. In particular, we practically demonstrate a method which guarantees that code using a cryptographic API does not contain confidentiality leaks. The method is backed by a theorem from Küsters.