MOBIUS: mobility, ubiquity, security objectives and progress report

Through their global, uniform provision of services and their distributed nature, global computers have the potential to profoundly enhance our daily life. However, they will not realize their full potential unless the necessary levels of trust and security can be guaranteed. The goal of the MOBIUS project is to develop a Proof-Carrying Code architecture to secure global computers that consist of Java-enabled mobile devices. In this progress report, we detail its objectives and provide a snapshot of the project results during its first year of activity.
