Abstract | ||
---|---|---|
In typical Web applications, the access control at the database management system is not effective due to the dependency on application behavior. That is, once the information is retrieved, a careless application can easily leak the information to undesirable parties. In addition, database accounts are often shared for multiple Web users in order to allow connection pooling. We propose DIFCA-J (Dynamic Information Flow Control Architecture for Java), to keep track of and control fine-grained information propagation through execution of the program. DIFCA-J allows controlling the information flow at run-time, without needing to modify the source code of the target application or the Java VMs. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1007/978-3-540-74835-9_18 | ESORICS |
Keywords | Field | DocType |
careless application,access control,application behavior,java vms,information flow,fine-grained information propagation,web application,database management system,database account,dynamic information flow control,target application,typical web application,flow control,source code | Information flow (information theory),Architecture,Computer science,Computer security,Source code,Pooling,Program counter,Access control,Web application,Java,Distributed computing | Conference |
Volume | ISSN | ISBN |
4734 | 0302-9743 | 3-540-74834-2 |
Citations | PageRank | References |
8 | 0.49 | 19 |
Authors | ||
5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sachiko Yoshihama | 1 | 139 | 12.28 |
Takeo Yoshizawa | 2 | 19 | 1.55 |
Yuji Watanabe | 3 | 21 | 2.72 |
Michiharu Kudoh | 4 | 20 | 1.88 |
Kazuko Oyanagi | 5 | 18 | 2.19 |