Validation of Data Flow Results for Program Modules
2010. 404 pp. 220 mm
Publisher/Year: SÜDWESTDEUTSCHER VERLAG FÜR HOCHSCHULSCHRIFTEN 2010
ISBN: 3-8381-1871-5 (3838118715)
New ISBN: 978-3-8381-1871-0 (9783838118710)
The requirement to validate analysis results originated in Java Bytecode Verification on Smart Cards. Generalising this specific application enables advanced optimisations or security checks on limited devices in a scenario where mobile code is transmitted via an inherently insecure transport medium such as the Internet. This thesis presents a general approach to the validation of interprocedural data flow results for separated software modules, in order to enable the safe use of data flow results on devices which cannot afford to run the data flow analysis on their own. The idea stems from the "Proof-Carrying-Code Principle", which exploits the fact that it is easier to check the correctness of a given solution to a problem than to solve the problem. The validation ensures the correctness of the results, while the code producer can perform the complex analysis on a more powerful machine. This is vital in a mobile code scenario where different software modules can be dynamically loaded onto the target device and where the potential interactions between the software modules and the runtime environment have to be considered.
In 2002 Karsten Klohs received his "Diplom in Informatik" from the University Paderborn. As a research assistant with a focus on program analysis he worked on several projects in the automobile and smartcard industry. He earned his doctoral degree in 2009 before joining the company Morpho as System Analyst for high-security smartcards.