Java Bytecode Verification: An Overview

Bytecode verification is a crucial security component for Java applets, on the Web and on embedded devices such as smart cards. This paper describes the main bytecode verification algorithms and surveys the variety of formal methods that have been applied to bytecode verification in order to establish its correctness.

[1]  Scott F. Smith,et al.  A Systematic Approach to Static Access Control , 2001, ESOP.

[2]  David Walker,et al.  A type system for expressive security policies , 2000, POPL '00.

[3]  Xavier Leroy,et al.  Security properties of typed applets , 1998, POPL '98.

[4]  Martin Wirsing,et al.  Formal Syntax and Semantics of Java , 1999 .

[5]  Xavier Leroy On-Card Bytecode Verification for Java Card , 2001, E-smart.

[6]  Zhenyu Qian,et al.  Standard fixpoint iteration for Java bytecode verification , 2000, TOPL.

[7]  Robert O'Callahan,et al.  A simple, comprehensive type system for Java bytecode subroutines , 1999, POPL 1999.

[8]  Martín Abadi,et al.  A type system for Java bytecode subroutines , 1999, TOPL.

[9]  Masami Hagiya,et al.  On a New Method for Dataflow Analysis of Java Virtual Machine Subroutines , 1998, SAS.

[10]  Tobias Nipkow Verified Bytecode Verifiers , 2001, FoSSaCS.

[11]  Tobias Nipkow,et al.  Veried Bytecode Veriers , 2002 .

[12]  James Gosling,et al.  Java Intermediate Bytecode , 1995, Intermediate Representations Workshop.

[13]  Bart Jacobs,et al.  A case study in class library verification: Java’s vector class , 1999, International Journal on Software Tools for Technology Transfer.

[14]  Li Gong,et al.  Inside Java 2 Platform Security: Architecture, API Design, and Implementation , 1999 .

[15]  Cornelia Pusch,et al.  Proving the Soundness of a Java Bytecode Verifier Specification in Isabelle/HOL , 1999, TACAS.

[16]  Steven S. Muchnick,et al.  Advanced Compiler Design and Implementation , 1997 .

[17]  Yves Bertot,et al.  A Coq Formalization of a Type Checker for Object Initialization in the Java Virtual Machine , 2000 .

[18]  Jon G. Riecke,et al.  The SLam calculus: programming with secrecy and integrity , 1998, POPL '98.

[19]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[20]  Martín Abadi,et al.  A core calculus of dependency , 1999, POPL '99.

[21]  Geoffrey Smith,et al.  A Type-Based Approach to Program Security , 1997, TAPSOFT.

[22]  David A. Schmidt Data flow analysis is model checking of abstract interpretations , 1998, POPL '98.

[23]  Geoffrey Smith,et al.  A Sound Type System for Secure Flow Analysis , 1996, J. Comput. Secur..

[24]  GoslingJames Java intermediate bytecodes , 1995 .

[25]  Frank Yellin,et al.  Low Level Security in Java , 1995, WWW.

[26]  Z. Chen Java Card Technology for Smart Cards: Architecture and Programmer''s Guide. The Java Series. Addis , 2000 .

[27]  James Gosling,et al.  Java Intermediate Bytecode , 1995, Intermediate Representations Workshop.

[28]  Flemming Nielson,et al.  Principles of Program Analysis , 1999, Springer Berlin Heidelberg.

[29]  Giovanni Vigna,et al.  Mobile Agents and Security , 1998, Lecture Notes in Computer Science.

[30]  Liwu Li,et al.  Java Virtual Machine , 1998 .

[31]  Frank Yellin,et al.  The Java Virtual Machine Specification , 1996 .