AnZenMail: A Secure and Certified E-mail System

  • Etsuya Shibayama
  • Shigeki Hagihara
  • Naoki Kobayashi
  • Shin-ya Nishizaki
  • Kenjiro Taura
  • Takuo Watanabe
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2609)


We are developing a secure and certified e-mail system AnZenMail that provides an experimental testbed for our cutting-edge security enhancement technologies. In addition to a provably secure message transfer protocol, we have designed and implemented a server (MTU) and a client (MUA) in order that they could survive recent malicious attacks such as server-cracking and e-mail viruses. The AnZenMail server is implemented in Java, a memory-safe language, and so it is free from stack smashing. Some of its safety properties have been formally verified in Coq mostly at the source code level by manually translating Java methods into Coq functions. The AnZenMail client is designed to provide a support for secure execution of mobile code arriving as e-mail attachments. It has plug-in interfaces for code inspection and execution modules such as static analysis tools, runtime/inline reference monitors, and an anti-virus engine, which are currently being developed by members of our research project.


Malicious Attack Software Security Mail Server Mobile Code Source Code Level 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Affeldt, R., Kobayashi, N.: Formalization and Verification of a Mail Server in Coq. Proc. of International Symposium on Software Security, in this volume, 2003.Google Scholar
  2. 2.
    Aleph One: Smashing the Stack for Fun and Profit, Phrack, 49(7), 1996,
  3. 3.
    Baratloo, A., Singh, N., Tsai, T.: Transparent Run-Time Defense Against Stack-Smashing Attacks. Proc. of USENIX Annual Conference, 2000.Google Scholar
  4. 4.
    Bernstein, D. J.: The Qmail Security Guarantee.Google Scholar
  5. 5.
    Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. Proc. of the Royal Society, Series A 426, 233–271, 1989.Google Scholar
  6. 6.
    Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Proc. 7th USENIX Security Conference, 63–78, 1998.Google Scholar
  7. 7.
    Crocker, S., Freed, N., Galvin, J., Murphy, S.: MIME Object Security Services. RFC 1848, 1995.Google Scholar
  8. 8.
    Deng, R. H., Gong, L., Lazar, A. A., Wang, W.: Practical Protocols for Certified Electronic Mail. J. of Network and System Management, 4(3), 279–297, 1996.CrossRefGoogle Scholar
  9. 9.
    Ducheneaut, N., Bellotti, V.: E-mail as Habitat. Interactions, ACM, 8(5), 30–38, 2001.CrossRefGoogle Scholar
  10. 10.
    Goldberg, Y., Safran, M., Shapiro, E.: Active Mail-A Framework for Implementing Groupware. Proc. of the Conf. on Computer Supported Cooperative Work, 75–83, 1992.Google Scholar
  11. 11.
    Hoffman, P.: SMTP Service Extension for Secure SMTP over TLS. RFC 2487, 1999.Google Scholar
  12. 12.
    Igarashi, A., Kobayashi, N.: Resource Usage Analysis. Proc. of ACM Symposium on Principles of Programming Languages, 331–342, 2001.Google Scholar
  13. 13.
    Jaeger, T., Prakash, A., Liedtke, J., Islam, N.: Flexible Control of Downloaded Executable Content. ACM Trans. on Information and System Security, 2(2), 177–228, 1999.CrossRefGoogle Scholar
  14. 14.
    Kato, K., Oyama, Y.: SoftwarePot: An Encapsulated Transferable File System for Secure Software Circulation. Proc. of International Symposium on Software Security, in this volume, 2003.Google Scholar
  15. 15.
    Kent, S. T.: Internet Privacy Enhanced Mail. Comm. of the ACM, 36(8), 48–60, 1993.CrossRefGoogle Scholar
  16. 16.
    Klensin, J. (ed): Simple Mail Transfer Protocol. RFC 2821, 2001.Google Scholar
  17. 17.
    Pfitzmann, B., Schunter, M., Waidner, M.: Provably Secure Certified Mail. Research Report, RZ 3207(#93253), IBM, 2000.Google Scholar
  18. 18.
  19. 19.
    Ramsdell, B. (ed): S/MIME Version 3 Message Specification. RFC 2633, 1999.Google Scholar
  20. 21.
    Viega, J., McGraw, G., Mutdosch, T., Felten, E. W.: Statically Scanning Java Code: Finding Security Vulnerabilities. IEEE Software, 17(5), 68–74, 2000.CrossRefGoogle Scholar
  21. 22.
    Wallach, D. S., Appel, A. W., Felten, E. W.: SAFKASI: A Security Mechanism for Language-Based Systems. ACM Trans. on Software Engineering and Methodology, 9(4), 341–378, 2000.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Etsuya Shibayama
    • 1
  • Shigeki Hagihara
    • 1
  • Naoki Kobayashi
    • 1
  • Shin-ya Nishizaki
    • 1
  • Kenjiro Taura
    • 2
  • Takuo Watanabe
    • 3
    • 1
  1. 1.Graduate School of Information Science and EngineeringTokyo Institute of TechnologyMeguro-ku, TokyoJapan
  2. 2.The University of TokyoBunkyo-ku, TokyoJapan
  3. 3.The National Institute of InformaticsChiyoda-ku , TokyoJapan

Personalised recommendations