Antonio Ravara from Universidade NOVA de Lisboa and Mario Bravetti from University of Bologona, in collaboration with Caixa Mágica Software, presented their tool JaTyC at INNCYBER 2023.
JaTyC statically verifies that when a Java program runs: sequences of method calls obey to object’s protocols; objects’ protocols are completed; null-pointer exceptions are not raised; subclasses’ instances respect the protocol of their superclasses.
With this, JaTyC is able to avoid some crashes before the code is executed. This is crucial for cybersecurity, since crashes may give unintended access to a machine. For example, in some places, it is a common occurrence that ATMs show the operating system’s desktop interface if the bank’s application crashes. Another application to cybersecurity is to analyze systems where security clearance levels are needed in order to execute operations: this can be enforced in JaTyC by e.g. requiring that each operation’s execution is preceded by the successful verification of the operation’s security clearance.
The INNCYBER cybersecurity research projects competition in Portugal awarded JaTyC the 3rd place in the 2023 edition (https://www.inncyberinnovationhub.com/cybersummit).