A Proof Carrying Code Framework for Inlined Reference Monitors in Java Bytecode

We propose a light-weight approach for certification of monitor inlining for sequential Java bytecode using proof-carrying code. The goal is to enable the use of monitoring for quality assurance at ...
