论文信息 - Class properties for security review in an object-capability subset of Java: (short paper)

Class properties for security review in an object-capability subset of Java: (short paper)

Joe-E is a subset of the Java language, with additional restrictions enforced by a static source-code verifier. We explore several semantic properties of classes relating to immutability and object identity that can be declared by the programmer and are checked by the Joe-E verifier. We present the simple, modular analyses we use to verify these properties and describe how they are useful in performing security reviews of applications.

David A. Wagner | Adrian Mettler

[1] Norman Hardy,et al. KeyKOS architecture , 1985, OPSR.

[2] Xin Qi,et al. Masked types for sound object initialization , 2009, POPL '09.

[3] Michael D. Ernst,et al. Javari: adding reference immutability to Java , 2005, OOPSLA '05.

[4] David A. Wagner,et al. Joe-E: A Security-Oriented Subset of Java , 2010, NDSS.

[5] Shane Markstrum,et al. A framework for implementing pluggable type systems , 2006, OOPSLA '06.

[6] Songtao Xia,et al. Establishing object invariants with delayed types , 2007, OOPSLA.

[7] James H. Morris. Protection in programming languages , 1973, CACM.

[8] K. Rustan M. Leino,et al. Declaring and checking non-null types in an object-oriented language , 2003, OOPSLA 2003.

[9] Mark S. Miller,et al. Robust composition: towards a unified approach to access control and concurrency control , 2006 .

[10] Michael D. Ernst,et al. Object and reference immutability using Java generics , 2007, ESEC-FSE '07.

[11] Shirley Dex,et al. JR 旅客販売総合システム（マルス）における運用及び管理について , 1991 .

[12] Michael D. Ernst,et al. Practical pluggable types for java , 2008, ISSTA '08.

[13] David A. Wagner,et al. Verifiable functional purity in java , 2008, CCS.