JOANA is a tool for software security analysis, checking up to
100 kLOC of full multi-threaded Java. JOANA is based on sophisticated
program analysis techniques and thus very precise. It includes a new
algorithm guaranteeing probabilistic noninterference, named
RLSOD. JOANA needs few annotations and has a nice GUI. The tool is
open source and was applied in several case studies. The article
presents an overview of JOANA and its underlying technology.
The invasive computing paradigm offers applications the possibility to dynamically spread their computation in
a multicore/multiprocessor system in a resource-aware way. If applications are assumed to act maliciously, many security
problems arise. In this acticle, we discuss different ways to deal with security problems in a resource-aware way. We
first formalize the attacker model and the different security requirements that applications may have in multi-core
systems. We then survey different hardware and software security mechanisms that can be dynamically configured to
guarantee security on demand for invasive applications.