| In the 1970 s, the theory of information flow control has become one of the three control theories in the field of information security. However, due to the absence of practical application in information system development, the problems caused by information leakage still emerge in endlessly. The development of information system currently used mostly objected-oriented technology. Although the mainstream programming language supports the object-oriented technology, it cannot support verification of the program’s internal security information flow, let alone the development of security information system. Based on the study of information flow control theory, this thesis enhances the security of Java compiler. The main work and contributions of this thesis are as follows:1、The security analysis of Java architectureAfter a brief introduction of Java language architecture, the security features of Java language are analyzed, and on this basis, in order to the Java platform, security mechanism introduced in Java2 are analyzed, and the security features of the Java virtual machine especially Java class loading device and API are analyzed. Through the above analysis, the next step of the thesis is to enhance the security of the Java compiler, which brings the security enhanced compiler(s Java) a certain control capability for information flow.2、Deeply study and analysis of information flow control theory as well as related modelBased on the brief introduction of grid and information flow strategies, this section presents a detailed analysis for the characteristics and security of the information-flow-control-based security grid model. Then, this section analyses the security of the two typical models in information flow security model, including BLP model and Biba model, especially the adaptability of BLP model in practical system. Based on the analysis, from the perspective of security enhancement to the Java compiler, this section presents a detailed introduction to the extended military security model produced early by our laboratory and analyses the methods to enhance the security of Java compiler, combined with control methods of compilation mechanism information flow.3、Security enhancement of Java compiler on the basis of information flow control theory and extended military security modelFirstly, based on Java compilation mechanism and extended military security model, this section designs the means of s Java lexical analysis. According to this means, this section defines the keywords on the basis of the Java raw compiler and explains the processing methods to number, string and array in s Java compiler.Secondly, on the basis of analyzing the syntax of the Jikes compiler, this section designs and implements the security enhancement of s Java’s syntax at the foundation of extended military security model. This section is the main part of the Java complier security enhancement, including the changes of assignment statement, variable declaration, compound statement, select statement, loop statement and the main function syntax.Finally, based on the security enhancement of lexis and grammar, the semantics of the s Java compiler is improved. Main work includes four-element-type-based translation of simple assignment statement, boolean expression, condition statement. At last, these improvements are implanted in Jikes compiler, producing s Java compiler with support of the Java language and certain control capability of information flow.4、Security analysis of the s Java compiler with security enhancedAccording to the definition of information security, this section analyses the security-enhanced s Java compiler, respectively from three aspects: confidentiality, integrity and availability. Analysis shows that s Java compiler primarily reaches the target of alarming to policy source code for violation of information flow, so as to provide some support for improving the s Java-compiler-based information system’s ability against information flow leakage. |
PDF Full Text Request