Formalizing Java-MaC

Abstract The Java-MaC framework is a run-time verification system for Java programs that can be used to dynamically test and enforce safety policies. This paper presents a formal model of the Java-MaC safety properties in terms of an operational semantics for Middleweight Java, a realistic subset of full Java. This model is intended to be used as a framework for studying the correctness of Java-MaC program instrumentation, optimizations, and future experimentation with run-time monitor expressiveness. As a preliminary demonstration of this model's applicability for these tasks, the paper sketches a correctness result for a simple program instrumentation scheme.

[1]  Stephen N. Freund,et al.  A Type System for the Java Bytecode Language and Verifier , 2003, Journal of Automated Reasoning.

[2]  Insup Lee,et al.  Information extraction for run-time formal analysis , 2001 .

[3]  Robert Wahbe,et al.  Efficient software-based fault isolation , 1994, SOSP '93.

[4]  Jarred Adam Ligatti,et al.  More Enforceable Security Policies , 2002 .

[5]  Lance M. Berc,et al.  Continuous profiling: where have all the cycles gone? , 1997, TOCS.

[6]  David E. Evans,et al.  Flexible policy-directed code safety , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[7]  Hanêne Ben-Abdallah,et al.  A Monitoring and Checking Framework for Run-time Correctness Assurance , 1998 .

[8]  Lujo Bauer,et al.  A Calculus for Composing Security Policies , 2002 .

[9]  Anindya Banerjee,et al.  Secure information flow and pointer con .nement in a java-like language , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[10]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[11]  Andrew M. Pitts,et al.  MJ: An imperative core calculus for Java and Java with effects , 2003 .

[12]  Mahesh Viswanathan,et al.  Java-MaC: a Run-time Assurance Tool for Java Programs , 2001, RV@CAV.

[13]  Úlfar Erlingsson,et al.  SASI enforcement of security policies: a retrospective , 1999, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[14]  Fred B. Schneider,et al.  Enforceable security policies , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[15]  Philip Wadler,et al.  Featherweight Java: a minimal core calculus for Java and GJ , 1999, OOPSLA '99.

[16]  Matthias Felleisen,et al.  A Syntactic Approach to Type Soundness , 1994, Inf. Comput..