LSBA Based Security Verification in MCC

This paper presents a new way to verify whether a behavior model of code satisfies a security policy in the model-carrying code (MCC) approach for safe execution of untrusted code. The new verification method is based on a new kind of model called logic semantic based automata (LSBA). A logic semantic based pushdown automaton (LSBPDA) models the safety-related behaviors of code unknown to the user, and a logic semantic based finite state automaton (LSBFSA) models the user's security policies. Verification is done by checking whether the language of the LSBPDA model of the untrusted code and the language of the LSBFSA model of the policy intersect. The method is formal in nature and suited to automating the verification step of the MCC approach.

Index Terms: MCC, safety of mobile code, formal method, safety model verification
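As an added illustration (not code from the paper), the intersection check in miniature: the code's behavior model is a pushdown automaton written as an equivalent context-free grammar, the policy is a finite automaton, and the check is the textbook product-and-emptiness construction. Assumed here, not stated by the abstract: the policy automaton accepts the forbidden traces (so a non-empty intersection is a violation), and the call names, grammars and policy are constructed for the example.

```python
# Added example, not from the paper: MCC-style verification by language intersection.
# The code model is a pushdown automaton, written as an equivalent context-free grammar
# in Chomsky normal form; the policy is a DFA accepting the FORBIDDEN traces, so a
# non-empty intersection means the code can exhibit a behaviour the policy rules out.

def intersect_nonempty(grammar, start, dfa):
    """Bar-Hillel product of a CNF grammar with a DFA, then emptiness by fixpoint.
    grammar: {A: [rhs, ...]} with rhs = (terminal,) or (B, C); dfa = (states, delta,
    q0, accepting), delta[(q, symbol)] = next state. True iff some trace is in both."""
    states, delta, q0, accepting = dfa
    gen = set()  # product nonterminals (p, A, q) known to derive at least one trace
    changed = True
    while changed:
        changed = False
        for A, rhss in grammar.items():
            for rhs in rhss:
                if len(rhs) == 1:  # A -> a: the DFA must step p -a-> q
                    new = {(p, A, delta[(p, rhs[0])]) for p in states if (p, rhs[0]) in delta}
                else:  # A -> B C: chain p -B-> r -C-> q through every middle state r
                    B, C = rhs
                    new = {(p, A, q) for p in states for r in states for q in states
                           if (p, B, r) in gen and (r, C, q) in gen}
                if not new <= gen:
                    gen |= new
                    changed = True
    return any((q0, start, f) in gen for f in accepting)

# Constructed code model: well-nested open ... close blocks (unbounded nesting needs the
# stack) whose body may read and send in any order.
MODEL_LEAKY = {"S": [("O", "B")], "B": [("R", "B"), ("N", "B"), ("S", "B"), ("close",)],
               "O": [("open",)], "R": [("read",)], "N": [("send",)]}
# Constructed safe variant: every send happens before the file is opened.
MODEL_SAFE = {"S": [("N", "S"), ("O", "B")], "B": [("R", "B"), ("close",)],
              "O": [("open",)], "R": [("read",)], "N": [("send",)]}
# Constructed policy DFA accepting the forbidden traces: a send after any read.
CALLS = ("open", "read", "send", "close")
POLICY = ({0, 1, 2},
          {**{(0, a): 0 for a in CALLS}, (0, "read"): 1,   # 0: nothing read yet
           **{(1, a): 1 for a in CALLS}, (1, "send"): 2,   # 1: a read has happened
           **{(2, a): 2 for a in CALLS}},                  # 2: violation (sink)
          0, {2})

def violates(model):
    """True if the behaviour model can produce a trace the policy forbids."""
    return intersect_nonempty(model, "S", POLICY)

if __name__ == "__main__":
    print("leaky model violates policy:", violates(MODEL_LEAKY))  # True
    print("safe model violates policy: ", violates(MODEL_SAFE))   # False
```

Because the product of a pushdown and a finite automaton is again a pushdown automaton, emptiness stays decidable, which is what makes this step automatable for arbitrary nesting depth.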
