Security properties of typed applets

This paper formalizes the folklore result that strongly-typed applets are more secure than untyped ones. We formulate and prove several security properties that all well-typed applets possess, and identify sufficient conditions for the applet execution environment to be safe, such as procedural encapsulation, type abstraction, and systematic type-based placement of run-time checks. These results are a first step towards formal techniques for developing and validating safe execution environments for applets.
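As an added illustration of the three sufficient conditions named above (example code written for this page, not the paper's formal model or any code of its authors; the `env` module, the `Handle` type and the `/applet-data/` sandbox directory are assumptions):

```rust
// Added illustration (not the paper's formal model): an applet execution
// environment whose safety rests on the three conditions named in the
// abstract. Applet code only sees the `env` module's public interface.
mod env {
    // Type abstraction: `Handle` has a private field, so code outside this
    // module cannot forge one; the only way to obtain a Handle is `open`,
    // which performs the policy check.
    pub struct Handle {
        path: String,
    }

    // Procedural encapsulation: the access-control decision lives in one
    // private procedure. The policy here is a constructed allow-list rooted
    // at "/applet-data/" (an assumed sandbox directory).
    fn permitted(path: &str) -> bool {
        path.starts_with("/applet-data/") && !path.contains("..")
    }

    // Type-based placement of the run-time check: it sits at the single
    // point where an untrusted value (a string chosen by the applet) becomes
    // a privileged one (a Handle). `read` below needs no check of its own.
    pub fn open(path: &str) -> Result<Handle, String> {
        if permitted(path) {
            Ok(Handle { path: path.to_string() })
        } else {
            Err(format!("access to {} denied", path))
        }
    }

    // Simulated read: returns a string derived from the validated path.
    // A real environment would perform the I/O here, trusting the Handle.
    pub fn read(h: &Handle) -> String {
        format!("contents of {}", h.path)
    }
}

// Applet code: it may call `open` and `read`, but writing
// `env::Handle { path: .. }` here is rejected by the compiler because
// the field is private, so no unchecked Handle can exist.
pub fn applet(path: &str) -> Result<String, String> {
    let h = env::open(path)?;
    Ok(env::read(&h))
}

fn main() {
    println!("{:?}", applet("/applet-data/notes.txt"));
    println!("{:?}", applet("/outside/secret.txt"));
}
```

Because a `Handle` can only be produced by `open`, every `read` operates on a path that already passed the policy; the static type discipline, not a repeated run-time check, carries that guarantee.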
