Java Object-sensitive ANAlysis (JOANA)
JOANA analyzes Java programs for security leaks (Information Flow Control, IFC). It guarantees to find all violations of integrity or confidentiality – that is, all leaks which result from illegal information flow within a program. JOANA analyzes up to 100kLOC of full Java with arbitrary threads (without reflection).
Security DSLs provided by the Tool
Name
Description
Security Checks provided by the Tool
Name
Description
Checks whether information flows exist between lists of sources and sinks violating a given information flow policy.