Computer Security from a Programming Language and Static Analysis Perspective

(Extended Abstract of Invited Lecture)
  • Xavier Leroy
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2618)


Computer security [16,5] is usually defined as ensuring integrity, confidentiality, and availability requirements even in the presence of a determined, malicious opponent. Sensitive data must be modified and consulted by authorized users only (integrity, confidentiality); moreover, the system should resist “denial of service” attacks that attempt to render it unusable (availability). In more colorful language, computer security has been described as “programming Satan’s computer” [6]: the implementor must assume that every weakness that can be exploited will be.


Access Control Virtual Machine Smart Card Security Policy Computer Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Martín Abadi. Secrecy by typing in security protocols. Journal of the ACM, 46(5):749–786, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon G. Riecke. A core calculus of dependency. In 26th symposium Principles of Programming Languages, pages 147–160. ACM Press, 1999.Google Scholar
  3. 3.
    Martín Abadi and Bruno Blanchet. Secrecy types for asymmetric communication. In Furio Honsell and Marino Miculan, editors, Proceedings of the 4th International Conference on Foundations of Software Science and Computation Structures, volume 2030 of Lecture Notes in Computer Science, pages 25–41. Springer-Verlag, 2001.Google Scholar
  4. 4.
    Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The Spi calculus. Information and Computation, 148(1):1–70, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Ross Anderson. Security Engineering. John Wiley & Sons, 2001.Google Scholar
  6. 6.
    Ross Anderson and Roger Needham. Programming Satan’s computer. In Computer Science Today: Recent Trends and Developments, number 1000 in Lecture Notes in Computer Science, pages 426–441. Springer-Verlag, 1995.Google Scholar
  7. 7.
    Frédéric Besson, Thomas de Grenier de Latour, and Thomas Jensen. Secure calling contexts for stack inspection. In Principles and Practice of Declarative Programming (PPDP 2002), pages 76–87. ACM Press, 2002.Google Scholar
  8. 8.
    Luca Cardelli. Type systems. In Allen B. Tucker, editor, The Computer Science and Engineering Handbook. CRC Press, 1997.Google Scholar
  9. 9.
    Denis Caromel, Ludovic Henrio, and Bernard Serpette. Context inference for static analysis of java card object sharing. In Proceedings e-Smart 2001, volume 2140 of Lecture Notes in Computer Science. Springer-Verlag, 2001.Google Scholar
  10. 10.
    Zhiqun Chen. Java Card Technology for Smart Cards: Architecture and Programmer’s Guide. The Java Series. Addison-Wesley, 2000.Google Scholar
  11. 11.
    Gennady Chugunov, Lars åAke Fredlund, and Dilian Gurov. Model checking multiapplet Java Card applications. In Smart Card Research and Advanced Applications Conference (CARDIS’02), 2002.Google Scholar
  12. 12.
    Thomas Colcombet and Pascal Fradet. Enforcing trace properties by program transformation. In 27th symposium Principles of Programming Languages, pages 54–66. ACM Press, 2000.Google Scholar
  13. 13.
    Karl Crary and JosephC. Vanderwaart. An expressive, scalable type theory for certified code. In International Conference on Functional Programming 2002. ACM Press, 2002.Google Scholar
  14. 14.
    Damien Deville and Gilles Grimaud. Building an “impossible” verifier on a Java Card. In USENIX Workshop on Industrial Experiences with Systems Software (WIESS’02), 2002.Google Scholar
  15. 15.
    U. Erlingsson and Fred B. Schneider. IRM enforcement of Java stack inspection. In Symposium on Security and Privacy. IEEE Computer Society Press, 2000.Google Scholar
  16. 16.
    Morrie Gasser. Building a secure computer system. Van Nostrand Reinhold Co., 1988.Google Scholar
  17. 17.
    Li Gong. Inside Java 2 platform security: architecture, API design, and implementation. The Java Series. Addison-Wesley, 1999.Google Scholar
  18. 18.
    James A. Gosling. Java intermediate bytecodes. In Proc. ACM SIGPLAN Workshop on Intermediate Representations, pages 111–118. ACM, 1995.Google Scholar
  19. 19.
    Pieter H. Hartel and Luc A. V. Moreau. Formalizing the safety of Java, the Java virtual machine and Java Card. ACM Computing Surveys, 33(4):517–558, 2001.CrossRefGoogle Scholar
  20. 20.
    Nevin Heintze and Jon G. Riecke. The SLam calculus: programming with secrecy and integrity. In 25th symposium Principles of Programming Languages, pages 365–377. ACM Press, 1998.Google Scholar
  21. 21.
    Gregor Kiczales, John Lamping, Anurag Mendhekar, Chris Maeda, Cristina Videira Lopes, Jean-Marc Loingtier, and John Irwin. Aspect-oriented programming. In European Conference on Object-Oriented Programming (ECOOP’97), number 1241 in Lecture Notes in Computer Science. Springer-Verlag, 1997.Google Scholar
  22. 22.
    Paul C. Kocher. Timing attacks on implementations of Diffe-Hellman, RSA, DSS, and other systems. In Proceedings Crypto’ 96, number 1109 in Lecture Notes in Computer Science, pages 104–113. Springer-Verlag, 1996.Google Scholar
  23. 23.
    Markus Kuhn. Tamper resistance-a cautionary note. In USENIX Workshop on Electronic Commerce proceedings, pages 1–11, 1996.Google Scholar
  24. 24.
    Markus Kuhn. Design principles for tamper-resistant smartcard processors. In USENIX Workshop on Smartcard Technology proceedings, 1999.Google Scholar
  25. 25.
    Xavier Leroy. Java bytecode verification: an overview. In G. Berry, H. Comon, and A. Finkel, editors, Computer Aided Verification, CAV 2001, volume 2102 of Lecture Notes in Computer Science, pages 265–285. Springer-Verlag, 2001.Google Scholar
  26. 26.
    Xavier Leroy. Bytecode verification for Java smart card. Software Practice & Experience, 32:319–340, 2002.zbMATHCrossRefGoogle Scholar
  27. 27.
    Xavier Leroy and Franşcois Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming-Security issues for Mobile and Distributed Objects, volume 1603 of Lecture Notes in Computer Science, pages 147–182. Springer-Verlag, 1999.Google Scholar
  28. 28.
    Tim Lindholm and Frank Yellin. The Java Virtual Machine Specification. The Java Series. Addison-Wesley, 1999. Second edition.Google Scholar
  29. 29.
    Sergio Loureiro, Laurent Bussard, and Yves Roudier. Extending tamper-proof hardware security to untrusted execution environments. In USENIX Smart Card Research and Advanced Application Conference (CARDIS’02), 2002.Google Scholar
  30. 30.
    Greg Morrisett, Karl Crary, Neal Glew, and David Walker. Stack-based typed assembly language. Journal of Functional Programming, 12(1):43–88, 2002.zbMATHMathSciNetCrossRefGoogle Scholar
  31. 31.
    Greg Morrisett, David Walker, Karl Crary, and Neal Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3):528–569, 1999.CrossRefGoogle Scholar
  32. 32.
    George C. Necula. Proof-carrying code. In 24th symposium Principles of Programming Languages, pages 106–119. ACM Press, 1997.Google Scholar
  33. 33.
    George C. Necula and Peter Lee. Safe, untrusted agents using proof-carrying code. In Giovanni Vigna, editor, Mobile Agents and Security, volume 1419 of Lecture Notes in Computer Science, pages 61–91. Springer-Verlag, 1997.CrossRefGoogle Scholar
  34. 34.
    Franşois Pottier and Sylvain Conchon. Information flow inference for free. In International Conference on Functional Programming 2000, pages 46–57. ACM Press, 2000.Google Scholar
  35. 35.
    Franşois Pottier and Vincent Simonet. Information flow inference for ML. In 29th symposium Principles of Programming Languages, pages 319–330. ACM Press, 2002.Google Scholar
  36. 36.
    François Pottier, Christian Skalka, and Scott Smith. A systematic approach to static access control. In David Sands, editor, Proceedings of the 10th European Symposium on Programming (ESOP’01), volume 2028 of Lecture Notes in Computer Science, pages 30–45. Springer-Verlag, 2001.Google Scholar
  37. 37.
    Fred B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security, 2(4), 2000.Google Scholar
  38. 38.
    Zhong Shao, Bratin Saha, Valery Trifonov, and Nikolaos Papaspyrou. A type system for certified binaries. In 29th symposium Principles of Programming Languages, pages 217–232. ACM Press, 2002.Google Scholar
  39. 39.
    Sean W. Smith and Steve Weingart. Building a high-performance, programmable secure coprocessor. Technical Report RC 21102, IBM Research, 1998.Google Scholar
  40. 40.
    Peter Thiemann. Enforcing security properties by type specialization. In European Symposium on Programming 2001, volume 2028 of Lecture Notes in Computer Science. Springer-Verlag, 2001.Google Scholar
  41. 41.
    Dennis Volpano and Geoffrey Smith. A type-based approach to program security. In Proceedings of TAPSOFT’97, Colloquium on Formal Approaches in Software Engineering, volume 1214 of Lecture Notes in Computer Science, pages 607–621. Springer-Verlag, 1997.Google Scholar
  42. 42.
    Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):1–21, 1996.Google Scholar
  43. 43.
    Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review, 27(5):203–216, 1993.CrossRefGoogle Scholar
  44. 44.
    David Walker. A type system for expressive security policies. In 27th symposium Principles of Programming Languages, pages 254–267. ACM Press, 2000.Google Scholar
  45. 45.
    Dan S. Wallach, Edward W. Felten, and Andrew W. Appel. The security architecture formerly known as stack inspection: A security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology, 9(4), 2000.Google Scholar
  46. 46.
    Hongwei Xi and Robert Harper. A dependently typed assembly language. In International Conference on Functional Programming’ 01, pages 169–180. ACM Press, 2001.Google Scholar
  47. 47.
    Hongwei Xi and Frank Pfenning. Eliminating array bound checking through dependent types. In Programming Language Design and Implementation 1998, pages249–257. ACM Press, 1998.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Xavier Leroy
    • 1
  1. 1.INRIA Rocquencourt and Trusted Logic S.A.Le ChesnayFrance

Personalised recommendations