Security and dynamic class loading in Java: a formalisation

We give a formal specification of the dynamic loading of classes in the Java Virtual Machine (JVM) and of the visibility of members of the loaded classes. The specification is obtained by identifying the part of the run-time state of the JVM that is relevant to dynamic loading and visibility, and consists of a set of inference rules defining abstract operations for loading, linking and verifying classes. The formalisation of visibility includes an axiomatisation of the rules for membership of a class under inheritance, and of the accessibility of a member in the presence of access modifiers such as private and protected. The contribution of the formalisation is twofold. First, it gives a clearer and more concise description of the loading process and of the rules for member visibility than the informal definitions in the Java language and JVM specifications. Second, it is simple enough to allow the effects of load operations on the JVM state to be calculated.
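The interaction the abstract formalises, loading plus accessibility, can be watched directly in a running JVM. The program below is an added example written for this page, not code from the paper; all class and loader names in it (LoaderDemo, Greeter, Caller, IsolatingLoader) are invented for the illustration. It defines one class a second time under a separate class loader and shows two consequences of the JVM's rules: a package-private member becomes inaccessible to a same-named package under a different loader (the runtime package is the pair of loader and package name, so the access check fails when the reference is resolved, before the method body ever runs), and a class defined twice yields two distinct types that share a name but not an identity.

```java
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;

// Added example (not from the paper). Compile and run with:
//   javac LoaderDemo.java && java LoaderDemo
public class LoaderDemo {

    // Public class with a package-private member: accessible only from the same
    // *runtime* package, i.e. the same package name AND the same defining loader.
    public static class Greeter {
        String pkgOnly() { return "package-private ok"; }
    }

    // Public class in the same source package that uses that member.
    public static class Caller {
        public static String call() { return new Greeter().pkgOnly(); }
    }

    // Loader that defines exactly one named class itself (child-first) and delegates
    // every other name to its parent, so the redefined class ends up in a different
    // runtime package from its former neighbours.
    static final class IsolatingLoader extends ClassLoader {
        private final String isolated;

        IsolatingLoader(ClassLoader parent, String isolated) {
            super(parent);
            this.isolated = isolated;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(isolated)) {
                return super.loadClass(name, resolve); // normal parent-first delegation
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    c = findClass(name);
                }
                if (resolve) {
                    resolveClass(c);
                }
                return c;
            }
        }

        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            // Reuse the bytes javac already produced; defineClass gives them a fresh identity.
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in == null) {
                    throw new ClassNotFoundException(name);
                }
                byte[] b = in.readAllBytes();
                return defineClass(name, b, 0, b.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        ClassLoader app = LoaderDemo.class.getClassLoader();

        // 1. Caller and Greeter share a loader: the package-private call links and runs.
        System.out.println("same loader:        " + Caller.call());

        // 2. Caller redefined by a second loader. Its symbolic reference to Greeter
        //    still resolves (by delegation) to the original Greeter, but the two
        //    classes are now in different runtime packages, so the JVM throws
        //    IllegalAccessError while resolving the invokevirtual.
        String callerName = Caller.class.getName();
        Class<?> caller2 = new IsolatingLoader(app, callerName).loadClass(callerName);
        try {
            caller2.getMethod("call").invoke(null);
            System.out.println("unexpected: access was allowed");
        } catch (InvocationTargetException e) {
            System.out.println("second loader:      " + e.getCause());
        }

        // 3. Greeter redefined by a second loader: same name, distinct type.
        String greeterName = Greeter.class.getName();
        Class<?> greeter2 = new IsolatingLoader(app, greeterName).loadClass(greeterName);
        Object g = greeter2.getDeclaredConstructor().newInstance();
        System.out.println("same Class object:  " + (greeter2 == Greeter.class));
        System.out.println("instanceof Greeter: " + (g instanceof Greeter));
    }
}
```

Run it with `javac` followed by `java`, not in source-launch mode, because the loader reads the compiled `.class` bytes back from the class path. Step 2 is the point a practitioner should take from the paper's setting: access checks on package-private and protected members are decided against the loader that defined each class, so a class that merely claims a package name cannot reach members of that package unless the same loader defined it, and the rejection happens at link time rather than at call time.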
