论文信息 - Jalapa: Securing Java with Local Policies: Tool Demonstration

Jalapa: Securing Java with Local Policies: Tool Demonstration

We present Jalapa, a tool for securing Java bytecode programs with history-based usage policies. Policies are defined by usage automata, that recognize the forbidden execution histories. Usage automata are expressive enough to allow programmers specify of many real-world usage policies; yet, they are simple enough to permit formal reasoning. Programmers can sandbox untrusted pieces of code with usage policies. The Jalapa tool rewrites the Java bytecode by adding the hooks for the mechanism that enforces the given policies at run-time.

Massimo Bartoletti | Gabriele Costa | Roberto Zunino

[1] Massimo Bartoletti,et al. Usage Automata , 2009, ARSPA-WITS.

[2] Gian Luigi Ferrari,et al. Model Checking Usage Policies , 2008, TGC.

[3] Scott F. Smith,et al. History Effects and Verification , 2004, APLAS.

[4] Vipin Chaudhary,et al. History-based access control for mobile code , 1998, CCS '98.

[5] Gian Luigi Ferrari,et al. Types and Effects for Resource Usage Analysis , 2007, FoSSaCS.

[6] Massimo Bartoletti,et al. Securing Java with Local Policies , 2009, J. Object Technol..

[7] Cédric Fournet,et al. Stack inspection: Theory and variants , 2003, TOPL.

[8] Li Gong,et al. Inside Java 2 Platform Security: Architecture, API Design, and Implementation , 1999 .

[9] Gian Luigi Ferrari,et al. Semantics-Based Design for Secure Web Services , 2008, IEEE Transactions on Software Engineering.

[10] Massimo Bartoletti,et al. LocUsT: a tool for checking usage policies , 2008 .

[11] Martín Abadi,et al. Access Control Based on Execution History , 2003, NDSS.

[12] Ian Welch,et al. Kava - Using Byte code Rewriting to add Behavioural Reflection to Java , 2001, COOTS.

[13] Luca Viganò,et al. Foundations and Applications of Security Analysis , 2009, Lecture Notes in Computer Science.