Security proportional to effort.

The Accrue project aims to provide language-based information security guarantees that are proportional to programmer effort. With little effort, a programmer may receive only weak (but, ideally, formal) guarantees; with more effort, a programmer should receive stronger guarantees.

Software

  • The Accrue Interprocedural Java Analysis Framework (Accrue) is a framework for interprocedural analysis of Java programs. It is built using the Polyglot extensible compiler framework, and is also suitable for interprocedural analysis of programs written in Java language extensions implemented with Polyglot. We developed Accrue to enable inference and discovery of strong information security guarantees in Java programs.

  • Pidgin is a program analysis and understanding tool that enables the specification and enforcement of precise application-specific information security guarantees. Pidgin combines program-dependence graphs (PDGs), which precisely capture the information flows in a whole application, with a custom PDG query language. Queries express properties about the paths in the PDG; because paths in the PDG correspond to information flows in the application, queries can be used to specify global security policies.

  • AbcDatalog is an open-source Datalog engine implemented in Java. It provides ready-to-use implementations of common Datalog evaluation algorithms, including efficient multi-threaded versions of bottom-up and magic set transformation techniques. See the AbcDatalog web page for more details.

People

Publications

Acknowledgments

This material is based upon work supported by the National Science Foundation under Grant No. 1054172. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.