
JACK — A Tool for Validation of Security and Behaviour of Java Applications

  • Conference paper
Formal Methods for Components and Objects (FMCO 2006)

Abstract

We describe the main features of JACK (Java Applet Correctness Kit), a tool for the validation of Java applications annotated with JML specifications. JACK has been especially designed to improve the quality of trusted personal device applications. JACK is fully integrated with the Eclipse IDE and provides an easily accessible user interface. In particular, it allows the user to inspect the generated proof obligations in a Java syntax and to trace them back to the source code that gave rise to them. Further, JACK provides support for annotation generation and for interactive verification. The whole platform works both for source code and for bytecode, which makes it particularly suitable for a proof-carrying-code scenario.
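As an added illustration (this is not code from the paper or from the JACK tool), the following JML-annotated Java class is the kind of input a verification tool such as JACK consumes. The JML keywords (`requires`, `ensures`, `assignable`, `invariant`, `signals`, `\old`) are standard JML; the class, field and method names are assumptions chosen for the example. The comment after `debit` sketches the proof obligation that a weakest-precondition calculus derives for its postcondition, and why dropping one conjunct of the precondition leaves that obligation unprovable.

```java
// Added example, not the paper's own code. A purse-style class of the kind
// found on trusted personal devices, annotated with JML specifications.
public class Purse {
    /*@ spec_public @*/ private int balance;
    /*@ spec_public @*/ private final int maxBalance;

    // Class invariant: the balance must never go negative and never exceed the cap.
    //@ public invariant 0 <= balance && balance <= maxBalance;

    //@ requires 0 < max;
    //@ ensures balance == 0 && maxBalance == max;
    public Purse(int max) {
        this.maxBalance = max;
        this.balance = 0;
    }

    /*@ requires 0 < amount && amount <= balance;
      @ assignable balance;
      @ ensures balance == \old(balance) - amount;
      @*/
    public void debit(int amount) {
        balance = balance - amount;
    }
    // Proof obligation for debit (sketch of what a weakest-precondition calculus
    // yields; the exact rendering is tool-specific):
    //   precondition && invariant ==> postcondition[balance := balance - amount]
    //                                 && invariant[balance := balance - amount]
    // i.e.
    //   0 < amount && amount <= balance && 0 <= balance && balance <= maxBalance
    //     ==> (balance - amount == balance - amount)
    //         && 0 <= balance - amount
    //         && balance - amount <= maxBalance
    // Every conjunct follows from the hypotheses: amount <= balance gives
    // 0 <= balance - amount, and 0 < amount with balance <= maxBalance gives
    // balance - amount <= maxBalance. If the precondition omitted
    // `amount <= balance`, the conjunct 0 <= balance - amount could not be
    // discharged, and the tool would report it: that unprovable obligation is
    // exactly the "negative balance" bug surfacing before the code ships.

    /*@ requires 0 < amount && amount <= maxBalance - balance;
      @ assignable balance;
      @ ensures balance == \old(balance) + amount;
      @ signals (IllegalArgumentException) false;  // never thrown under the precondition
      @*/
    public void credit(int amount) {
        // The runtime check is written without `balance + amount`, so it cannot
        // overflow even for callers that violate the precondition.
        if (amount <= 0 || amount > maxBalance - balance) {
            throw new IllegalArgumentException("invalid credit");
        }
        balance = balance + amount;
    }
}
```

The `signals` clause states exceptional behaviour explicitly: under the precondition, `credit` is obliged never to throw, so the guard and the specification are checked against each other rather than trusted independently.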

This work is partially funded by the IST programme of the European Commission, under the IST-2003-507894 Inspired and IST-2005-015905 Mobius projects.




Editor information

Frank S. de Boer, Marcello M. Bonsangue, Susanne Graf, Willem-Paul de Roever


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Barthe, G. et al. (2007). JACK — A Tool for Validation of Security and Behaviour of Java Applications. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, WP. (eds) Formal Methods for Components and Objects. FMCO 2006. Lecture Notes in Computer Science, vol 4709. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74792-5_7


  • DOI: https://doi.org/10.1007/978-3-540-74792-5_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74791-8

  • Online ISBN: 978-3-540-74792-5

