https://www.jimbodude.net/w/index.php?action=history&feed=atom&title=MQP%3APaper_Outline 2026-06-14T03:11:33Z Revision history for this page on the wiki MediaWiki 1.26.2 https://www.jimbodude.net/w/index.php?title=MQP:Paper_Outline&diff=2002&oldid=prev 2008-10-30T18:21:18Z

<p>New page: *Introduction *Problem Description **Introduction to Java Security **Challenges in using Java Security **Other approaches to security? *Methods **Static Analysis ***Goals ***Algorithm **...</p> <p><b>New page</b></p><div>*Introduction<br /> <br /> *Problem Description<br /> **Introduction to Java Security<br /> **Challenges in using Java Security<br /> **Other approaches to security?<br /> <br /> *Methods<br /> **Static Analysis<br /> ***Goals<br /> ***Algorithm<br /> ****Koved's algorithm for Java 1.2<br /> ****Extensions and refinements<br /> *****Threads<br /> *****doPrivileged<br /> ****Basic Data Flow Analysis<br /> ***Implementation<br /> ****Soot<br /> *****Call graph generation<br /> *****Type analysis<br /> *****Data flow analysis<br /> ****Analysis Class Structure<br /> ***Limitations of static analysis data<br /> **Action Centric Model<br /> ***Goals<br /> ***Design<br /> ****Resources<br /> *****Groups of actions<br /> ****Actions<br /> *****Action Definitions<br /> *****Filled Actions<br /> ****Rules<br /> *****Rule Definitions<br /> *****Filled Rules<br /> *****Rules and permissions<br /> ****Action to rule translation<br /> ***Implementation<br /> ****Action Model Class Structure<br /> ****XML Specification of Definitions<br /> ****NetBeans Tool<br /> <br /> *Results<br /> **Static Analysis<br /> ***Successes<br /> ****Permission information<br /> ****Summary of permission requirements<br /> ***Limitations<br /> ****Call graph generation<br /> ****Runtime type identification<br /> ****Runtime parameter identification<br /> **Action Centric Model<br /> ***Successes<br /> ****Representation of high-level model<br /> ****Independence from security implementation?<br /> ****Ease of development<br /> ***Extensions<br /> ****Model<br /> *****Parameterized Resources<br /> *****Actions Containing Actions<br /> ****Tool<br /> *****Integration with Static Analysis<br /> *****Use for application deployment<br /> ******Creation of real policy files<br /> *****Storage of policies<br /> *****User interface improvement<br /> <br /> *Conclusions<br /> **Helpfulness of identifying permissions<br /> ***Low-level view of security<br /> ***Specificity of results<br /> **Utility of Action Centric security model<br /> ***High-level model<br /> ***Separation of model and security implementation</div>

Jpolitz