Advertisement

Protection in Programming-Language Translations

  • Martín Abadi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1603)

Abstract

We discuss abstractions for protection and the correctness of their implementations. Relying on the concept of full abstraction, we consider two examples: (1) the translation of Java classes to an intermediate bytecode language, and (2) in the setting of the pi calculus, the implementation of private channels in terms of cryptographic operations.

Keywords

Security Property Replay Attack Secure Channel Cryptographic Protocol Java Virtual Machine 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Martin Abadi. Secrecy by typing in security protocols. In Theoretical Aspects of Computer Software, volume 1281 of Lecture Notes in Computer Science, pages 611–638. Springer-Verlag, 1997.CrossRefGoogle Scholar
  2. 2.
    Martín Abadi, Cédric Fournet, and Georges Gonthier. Secure implementation of channel abstractions. In Proceedings of the Thirteenth Annual IEEE Symposium on Logic in Computer Science, pages 105–116, June 1998.Google Scholar
  3. 3.
    Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The spi calculus. Technical Report 414, University of Cambridge Computer Laboratory, January 1997. Extended version of both [4] and [5]. A revised version appeared as Digital Equipment Corporation Systems Research Center report No. 149, January 1998, and an abridged version will appear in Information and Computation.Google Scholar
  4. 4.
    Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The spi calculus. In Proceedings of the Fourth ACM Conference on Computer and Communications Security, pages 36–47, 1997.Google Scholar
  5. 5.
    Martín Abadi and Andrew D. Gordon. Reasoning about cryptographic protocols in the spi calculus. In Proceedings of the 8th International Conference on Concurrency Theory, volume 1243 of Lecture Notes in Computer Science, pages 59–73. Springer-Verlag, July 1997.Google Scholar
  6. 6.
    Bowen Alpern and Fred B. Schneider. Defining liveness. Information Processing Letters, 21(4):181–185, October 1985.zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Andrew D. Birrell. Secure communication using remote procedure calls. A CM Transactions on Computer Systems, 3(1):1–14, February 1985.CrossRefMathSciNetGoogle Scholar
  8. 8.
    Michele Boreale and Rocco De Nicola. Testing equivalence for mobile processes. Information and Computation, 120(2):279–303, August 1995.zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Jorge Luis Borges. La muerte y la brújula. In Obras completas 1923–1972, pages 499–507. Emecé Editores, Buenos Aires, 1974. Titled “Death and the compass” in English translations.Google Scholar
  10. 10.
    Richard M. Cohen. Defensive Java Virtual Machine version 0.5 alpha release. Web pages at http://www.cli.com/, May 1997.
  11. 11.
    Rocco De Nicola and Matthew C. B. Hennessy. Testing equivalences for processes. Theoretical Computer Science, 34:83–133, 1984.zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Drew Dean, Edward W. Felten, Dan S. Wallach, and Dirk Balfanz. Java security: Web browsers and beyond. In Dorothy E. Denning and Peter J. Denning, editors, Internet besieged: countering cyberspace scofflaws, pages 241–269. ACM Press, 1998.Google Scholar
  13. 13.
    Dorothy E. Denning. Cryptography and Data Security. Addison-Wesley, Reading, Mass., 1982.zbMATHGoogle Scholar
  14. 14.
    Whitfield Diffie, Paul C. van Oorschot, and Michael J. Wiener. Authentication and authenticated key exchanges. Designs, Codes and Cryptography, 2:107–125, 1992.CrossRefGoogle Scholar
  15. 15.
    Cédric Fournet and Georges Gonthier. The reflexive chemical abstract machine and the join-calculus. In Proceedings of the 23rd ACM Symposium on Principles of Programming Languages, pages 372–385, January 1996.Google Scholar
  16. 16.
    Stephen N. Freund and John C. Mitchell. A type system for object initialization in the Java bytecode language. In OOPSLA’ 98 Conference Proceedings: Object-Oriented Programming, Systems, Languages, and Applications, pages 310–327, 1998.Google Scholar
  17. 17.
    James Gosling, Bill Joy, and Guy L. Steele. The Java Language Specification. Addison-Wesley, 1996.Google Scholar
  18. 18.
    Nevin Heintze and Jon G. Riecke. The SLam calculus: programming with secrecy and integrity. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 365–377, 1998.Google Scholar
  19. 19.
    C. A. R. Hoare. Proof of correctness of data representations. Acta Informatica, 1:271–281, 1972.zbMATHCrossRefGoogle Scholar
  20. 20.
    Anita K. Jones and Barbara H. Liskov. A language extension for expressing constraints on data access. Communications of the ACM, 21(5):358–367, May 1978.zbMATHCrossRefGoogle Scholar
  21. 21.
    Leslie Lamport. A simple approach to specifying concurrent systems. Communications of the ACM, 32(1):32–45, January 1989.CrossRefMathSciNetGoogle Scholar
  22. 22.
    Butler W. Lampson. Protection. In Proceedings of the 5th Princeton Conference on Information Sciences and Systems, pages 437–443, 1971.Google Scholar
  23. 23.
    Butler W. Lampson. Hints for computer system design. Operating Systems Review, 17(5):33–48, October 1983. Proceedings of the Ninth ACM Symposium on Operating System Principles.CrossRefGoogle Scholar
  24. 24.
    Butler W. Lampson and Howard E. Sturgis. Reflections on an operating system design. Communications of the ACM, 19(5):251–265, May 1976.CrossRefGoogle Scholar
  25. 25.
    Xavier Leroy and François Rouaix. Security properties of typed applets. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 391–403, 1998.Google Scholar
  26. 26.
    Tim Lindholm and Frank Yellin. The Java Virtual Machine Specification. Addison-Wesley, 1996.Google Scholar
  27. 27.
    John Longley and Gordon Plotkin. Logical full abstraction and PCF. In Jonathan Ginzburg, Zurab Khasidashvili, Carl Vogel, Jean-Jacques Levy, and Enric Vallduvi, editors, The Tbilisi Symposium on Logic, Language and Computation: Selected Papers, pages 333–352. CSLI Publications and FoLLI, 1998.Google Scholar
  28. 28.
    John McLean. A general theory of composition for a class of “possibilistic” properties. IEEE Transactions on Software Engineering, 22(1):53–66, January 1996.CrossRefGoogle Scholar
  29. 29.
    Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.Google Scholar
  30. 30.
    Robin Milner. Fully abstract models of typed λ-calculi. Theoretical Computer Science, 4:1–22, 1977.zbMATHCrossRefMathSciNetGoogle Scholar
  31. 31.
    Robin Milner. Communication and Concurrency. Prentice-Hall International, 1989.Google Scholar
  32. 32.
    Robin Milner. Functions as processes. Mathematical Structures in Computer Science, 2:119–141, 1992.zbMATHMathSciNetCrossRefGoogle Scholar
  33. 33.
    Robin Milner. The polyadic π-calculus: a tutorial. In Bauer, Brauer, and Schwichtenberg, editors, Logic and Algebra of Specification. Springer-Verlag, 1993.Google Scholar
  34. 34.
    Robin Milner, Joachim Parrow, and David Walker. A calculus of mobile processes, parts I and II. Information and Computation, 100:1–40 and 41–77, September 1992.zbMATHCrossRefMathSciNetGoogle Scholar
  35. 35.
    John C. Mitchell. On abstraction and the expressive power of programming languages. Science of Computer Programming, 21(2):141–163, October 1993.zbMATHCrossRefMathSciNetGoogle Scholar
  36. 36.
    James H. Morris, Jr. Protection in programming languages. Communications of the ACM, 16(1):15–21, January 1973.zbMATHCrossRefGoogle Scholar
  37. 37.
    Greg Morrisett, David Walker, Karl Crary, and Neal Glew. From System F to Typed Assembly Language. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 85–97, 1998.Google Scholar
  38. 38.
    Andrew C. Myers and Barbara Liskov. A decentralized model for information flow control. In Proceedings of the 16th ACM Symposium on Operating System Principles, pages 129–142, 1997.Google Scholar
  39. 39.
    George C. Necula and Peter Lee. The design and implementation of a certifying compiler. In Proceedings of the ACM SIGPLAN’98 Conference on Programming Language Design and Implementation (PLDI), pages 333–344, 1998.Google Scholar
  40. 40.
    Gordon Plotkin. LCF considered as a programming language. Theoretical Computer Science, 5:223–256, 1977.CrossRefMathSciNetGoogle Scholar
  41. 41.
    Zhenyu Qian. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java?. Springer-Verlag, 1998. To appear.Google Scholar
  42. 42.
    Jon G. Riecke. Fully abstract translations between functional languages. Mathematical Structures in Computer Science, 3(4):387–415, December 1993.zbMATHMathSciNetGoogle Scholar
  43. 43.
    Ehud Shapiro. Separating concurrent languages with categories of language embeddings. In Proceedings of the Twenty Third Annual ACM Symposium on the Theory of Computing, pages 198–208, 1991.Google Scholar
  44. 44.
    Raymie Stata and Martín Abadi. A type system for Java bytecode subroutines. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages, pages 149–160, January 1998.Google Scholar
  45. 45.
    Sun Microsystems, Inc. Inner classes specification. Web pages at http://java.sun.com/products/jdk/1.1/docs/guide/innerclasses/, 1997.
  46. 46.
    Sun Microsystems, Inc. RMI enhancements. Web pages at http://java.sun.com/products/jdk/1.2/docs/guide/rmi/index.html, 1997.
  47. 47.
    Leendert van Doom, Martín Abadi, Mike Burrows, and Edward Wobber. Secure network objects. In Proceedings 1996 IEEE Symposium on Security and Privacy, pages 211–221, May 1996.Google Scholar
  48. 48.
    Dennis Volpano, Cynthia Irvine, and Geoffrey Smith. A sound type system for secure flow analysis. Journal of Computer Security, 4:167–187, 1996.Google Scholar
  49. 49.
    Edward Wobber, Martín Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3–32, February 1994.CrossRefGoogle Scholar
  50. 50.
    Ann Wollrath, Roger Riggs, and Jim Waldo. A distributed object model for the Java system. Computing Systems, 9(4):265–290, Fall 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Martín Abadi
    • 1
  1. 1.Systems Research Center CompaqPalo AltoUSA

Personalised recommendations