Java Security Research - Publications, Presentations and Patents
Selected Publications
- Enterprise Java™ Security: Building Secure J2EE™ Applications, written by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Published by Addison-Wesley, 2004. ISBN 0-321-11889-8. This covers both J2SE and J2EE security, including cryptography.
- The Security Challenges for Enterprise Java in an e-Business Environment, L. Koved, A. Nadalin, N. Nagaratnam, M. Pistoia, T. Shrader. IBM Systems Journal (Vol 40, No 1).
- The Evolution of Java Security, L. Koved, A. Nadalin, D. Neal and T. Lawson. IBM Systems Journal (Vol 37, No 3).
- Java 2 Network Security written by Marco Pistoia, et al.
- Lai, C., Gong, L., Koved, L., Nadalin, A., Schemers, R. User Authentication and Authorization in the Java (TM) Platform. Proceedings of the 15th Annual Computer Security Applications Conference, Phoenix, AZ, December 1999. (PS | PDF | HTML).
Other Publications
- Hernandez, Victor L. Including Native Methods in Static Analysis of Java Programs. Masters Thesis. Submitted to the Department of Electrical Engineering and Computer Science at the Massachusetts Institute of Technology. June 2000.
- Jain, S. K., Marceau, G., Zhang, X., Koved, L., Jaeger, J. INTELLECT: INTErmediate-Language LEvel C Translator. IBM Research Report RC23907. IBM T. J. Watson Research Center, P.O. Box 704, Yorktown Heights, New York 10598. March 2006. (PDF)
- Koved, L., Pistoia, M. and Kershenbaum, A. Access Rights Analysis for Java. Proceedings of the ACM Conference on Object-Oriented Programming Systems, Languages and Applications (OOPSLA) 2002. Copyright © 2000 Association for Computing Machinery. (PDF)
- Leeman, G., Kershenbaum, A., Koved, L., and Reimer, D. Detecting Unwanted Synchronization in Java Programs. Software Engineering and Applications (SEA 2004). Sponsored by International Association of Science and Technology for Development (IASTED). MIT Cambridge, MA USA. November 2004.
- Pistoia, M., Flynn, R. J., Koved, L., Sreedhar, V. C. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. Proceedings of ECOOP 2005 - Object-Oriented Programming: 19th European Conference, Glasgow, UK, July 25-29, 2005. Proceedings. Lecture Notes in Computer Science. Springer Berlin / Heidelberg. (PDF)
- Pistoia, M., Flynn, R. J., Sreedhar, V. C. Static Evaluation of Role-Based Access Control Policies in Distributed Component-Based Systems. IBM Research Report RC 23836. IBM T. J. Watson Research Center, P.O. Box 704, Yorktown Heights, New York 10598. November 2004. (PDF)
- Porat, S., Biberstein, S., Koved, L., Mendelson, B. Automatic Detection of Mutable Fields in Java. Proceedings of CASCON 2000. Copyright © 2000 IBM. (PDF)
- Reimer, D., Schonberg, E., Srinivas, K., Srinivasan, H., Alpern, B., Johnson, R. D., Kershenbaum, A., Koved, L. SABER: Smart Analysis Based Error Reduction. Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis. Boston, MA. Copyright IEEE 2004. (PDF)
- Reimer, D., Schonberg, E., Srinivas, K., Srinivasan, H., Dolby, J., Kershenbaum, A., Koved, L. Validating Structural Properties of Nested Objects. Proceedings of ACM SIGPLAN OOPSLA 2004. Vancouver, BC, Canada. Copyright ACM 2004. (PDF)
- Sreedhar, V. C. Data-Centric Security: Role Analysis and Role Typestate. To appear in Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, 2006 (SACMAT 2006).
- Zhang, X., Jaeger, J., Koved, L. Applying static analysis to verifying security properties. In Proceedings of the 2004 Grace Hopper Conference, October 2004. (PDF | Tech Report)
- Zhang, X., Koved, L., Pistoia, M., Weber, S., Jaeger, J., Marceau, G., Zeng, L. The Case for Analysis Preserving Language Transformation. To appear in the proceedings of International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, Maine, June 2006. (PDF)
Selected Presentations
Java-related Patents
- 7,076,804 Automated program resource identification and association. Kershenbaum, Koved, Pistoia. July 11, 2006.
- 6,925,638 Mutability analysis in Java. Koved, Mendelson, Porat, Biberstein. August 2, 2005.
- 5,915,085 Multiple resource or security contexts in a multithreaded application. Koved. June 22, 1999.
- System, apparatus, and method for identifying authorization requirements in component-based systems. Pistoia, Koved, Centonze. 11/24/05.
- Static analysis based error reduction for software applications. Alpern, Johnson, Kershenbaum, Koved, Leeman, Pistoia, Reimer, Srinivas, Srinivasan. 01/20/05.