Abstract
Bytecode verification is a crucial security component for Java applets, on the Web and on embedded devices such as smart cards. This paper describes the main bytecode verification algorithms and surveys the variety of formal methods that have been applied to bytecode verification in order to establish its correctness.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Leroy, X. (2001). Java Bytecode Verification: An Overview. In: Berry, G., Comon, H., Finkel, A. (eds) Computer Aided Verification. CAV 2001. Lecture Notes in Computer Science, vol 2102. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44585-4_26
DOI: https://doi.org/10.1007/3-540-44585-4_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42345-4
Online ISBN: 978-3-540-44585-2
eBook Packages: Springer Book Archive