Francisco Bavera

  • Citations Per Year
Learn More
Static, type-based information flow analysis techniques targeted at Java and JVM-like code typically assume a global security policy on object fields: all fields are assigned a fixed security level. In essence they are treated as standard variables. However different objects may be created under varying security contexts, particularly for widely used(More)
Since its conception, proof-carrying code (PCC) woke up the interest of the research community and several methods based on this technique were developed. This technique guarantees that untrusted programs run safely in a host machine. In a PCC framework, the code producer equips the produced code with a formal proof establishing that the code satisfies the(More)
In this paper, we describe the development and usage of clang static analyzer checker for detecting tainted data in C, C++ and Objective C source programs. The checker is user configurable, so it can be used to check tainted data for any user provided API. It also include subsets of C/C++ APIs commonly used as memory and string(More)
  • 1