Publication Date
Spring 2017
Degree Type
Master's Project
Degree Name
Master of Science (MS)
Department
Computer Science
First Advisor
Thomas Austin
Second Advisor
Robert Chun
Third Advisor
Jon Pearce
Keywords
Information Flow Analysis, data privacy, data integrity
Abstract
With the rapid increase in usage of the internet and online applications, there is a huge demand for applications to handle data privacy and integrity. Applications are already complex with business logic; adding the data safety logic would make them more complicated. The more complex the code becomes, the more possibilities it opens for security-critical bugs. To solve this conundrum, we can push this data safety handling feature to the language level rather than the application level. With a secure language, developers can write their application without having to worry about data security.
This project introduces dynamic information flow analysis in Ruby. I extend the JRuby implementation, which is a widely used implementation of Ruby written in Java. Information flow analysis classifies variables used in the program into different security levels and monitors the data flow across levels. Ruby currently supports data integrity by a tainting mechanism. This project extends this tainting mechanism to handle implicit data flows, enabling it to protect confidentiality as well as integrity. Experimental results based on Ruby benchmarks are presented in this paper; they show that this project protects confidentiality, but at the cost of a 1.2 to 10 times slowdown in execution time.
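The gap between value-only tainting and tracking implicit flows, shown as an added example in plain Ruby. It is a toy monitor and not code from the project or from JRuby; `Labeled`, `Monitor` and `leak_one_bit` are hypothetical names, and the secret bit is a constructed input.

```ruby
# Added illustration: a toy monitor, not the project's JRuby implementation.
# Labeled, Monitor and leak_one_bit are hypothetical names; inputs are constructed.
class Labeled
  attr_reader :value, :secret
  def initialize(value, secret = false)
    @value = value
    @secret = secret
  end
end

class Monitor
  def initialize(track_implicit:)
    @track_implicit = track_implicit
    @pc = [false] # label of the control context, one entry per open branch
  end

  # Explicit flow: the result is secret if either operand is secret.
  def op(a, b)
    Labeled.new(yield(a.value, b.value), a.secret || b.secret || @pc.last)
  end

  # A value written inside a secret branch becomes secret itself.
  def assign(value)
    Labeled.new(value, @pc.last)
  end

  # Run the block if cond holds; with implicit tracking the branch inherits cond's label.
  def branch(cond)
    @pc.push(@pc.last || (@track_implicit && cond.secret))
    yield if cond.value
  ensure
    @pc.pop
  end

  # Public sink: refuses secret values.
  def output(v)
    raise SecurityError, "secret value reached a public sink" if v.secret
    v.value
  end
end

# Copies a secret bit using control flow only; no secret operand is ever assigned.
# Caveat: an untaken branch leaves copy public, so this monitor only sees the taken path.
def leak_one_bit(monitor, secret_bit)
  copy = monitor.assign(false)
  monitor.branch(secret_bit) { copy = monitor.assign(true) }
  monitor.output(copy)
end
```

With `track_implicit: false` the secret bit reaches the sink unlabelled; with `track_implicit: true` the same call raises `SecurityError`.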
Recommended Citation
Chandrasekaran, Vigneshwari, "Dynamic Information Flow Analysis in Ruby" (2017). Master's Projects. 520.
DOI: https://doi.org/10.31979/etd.kz95-t8bz
https://scholarworks.sjsu.edu/etd_projects/520