The Study Of Security Vulnerability Detection Technology Of Java Language Programs

Over the past decade,with the rapid development of the Internet,Java programming language designed for network-based programming features has developed rapidly,expanding its market share in the field of programming.At present,Java programming language is one of two most popular languages.Java programming language written procedures not only used in the PC side,also in the mobile terminal and server platform.The Java programming language is an object-oriented programming language that,when used to write programs,treats all objects as a whole,thereby increasing the readability and reusability of the code.Java runtime environment also refers to the Java virtual machine,is composed of real-time compiler and garbage collector components.The virtual machine mechanism makes the programming of Java programming language not affected by the platform,and has strong "portability".This feature allows Java programmers to write a program code can be used for different platforms,thereby enhancing the efficiency of Java programmers.Java language program to have a high degree of correctness and security,due to the Java programming language many excellent features.The Java programmer itself is difficult to ensure that the code is completely safe and correct,so the Java program vulnerability detection technology in the preparation of code and program development has a very important role.This paper focuses on JOANA(Java Object-sensitive ANAlysis,Java object sensitive analysis)-Java’s information flow control(IFC)framework.Information flow control is concerned with the security of sensitive information being processed by a software.It aims to ensure that software does not leak rightfully accessed sensitive information to unauthorized sinks or taints it with data from unauthorized sources during its computations.It can be used supplementary to established security techniques like access control or encryption to enhance the protection of sensitive information.This thesis presents a practical technique for information flow control for concurrent programs with threads and shared-memory communication.The technique guarantees confidentiality of information with respect to a reasonable attacker model and utilizes program dependence graphs(PDGs),a language-independent representation of information flow in a program,which allows to apply it to all programs that can be translated into a PDG.