Mechanisms for secure modular programming in Java

We present a new module system for Java that improves upon many of the deficiencies of the Java package system and gives the programmer more control over dynamic linking. Our module system provides explicit interfaces, multiple views of modules based on hierarchical nesting and more flexible name‐space management than the Java package system. Relationships between modules are explicitly specified in module description files. We provide more control over dynamic linking by allowing import statements in module description files to require that imported modules be annotated with certain properties, which we implement by digital signatures. Our module system is compatible enough with standard Java to be implemented as a source‐to‐source and bytecode‐to‐bytecode transformation wrapped around a standard Java compiler, using a standard Java virtual machine (JVM). Copyright © 2003 John Wiley & Sons, Ltd.
