论文信息 - Careful Analysis of Type Spoofing

Careful Analysis of Type Spoofing

Saraswat’s type spoofing was one of the most long-lasting bugs in the JVM. Recently, its solution was proposed and implemented in JDK 1.2. The correctness of this new feature, however, is non-trivial and required the formal soundness proof. Actually, during our work on it, two flaws inside the new JVM implementation were found. This paper briefly reports our work and results.

Masami Hagiya | Akihiko Tozawa

[1] Stephen N. Freund,et al. A type system for object initialization in the Java bytecode language , 1998, OOPSLA '98.

[2] Drew Dean,et al. The security of static typing with dynamic linking , 1997, CCS '97.

[3] Sheng Liang,et al. Dynamic class loading in the Java virtual machine , 1998, OOPSLA '98.

[4] Masami Hagiya,et al. On a New Method for Dataflow Analysis of Java Virtual Machine Subroutines , 1998, SAS.

[5] Frank Yellin,et al. The Java Virtual Machine Specification , 1996 .

[6] Daniel Le Métayer,et al. Security and dynamic class loading in Java: a formalisation , 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).

[7] Allen Goldberg,et al. A specification of Java loading and bytecode verification , 1998, CCS '98.