Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Formal Aspects in Security and Trust

FAST 2011: Formal Aspects of Security and Trust pp 115–130Cite as

Verifiable Control Flow Policies for Java Bytecode

  • Conference paper

  • 757 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7140))

Abstract

This paper presents the enforcement of control flow policies for Java bytecode dedicated to open and constrained devices. On-device enforcement of security policies mostly relies on run-time monitoring or inline checking code, which is not appropriate for strongly constrained devices such as mobile phones and smart-cards. We present a proof-carrying code approach with on-device lightweight verification of control flow policies statically at loading-time. Our approach is suitable for evolving, open and constrained Java-based systems as it is compositional, to avoid re-verification of already verified bytecode upon loading of new bytecode, and it is regressive, to cleanly support bytecode unloading.

This work is supported by the EU-FET-IP-SECURECHANGE project.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aspinall, D., Gilmore, S., Hofmann, M., Sannella, D., Stark, I.: Mobile Resource Guarantees for Smart Devices. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 1–26. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Bielova, N., Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I.: Matching in security-by-contract for mobile code. Journal of Logic and Algebraic Programming 78(5), 340–358 (2009)

    Article  MATH  Google Scholar 

  3. Bielova, N., Massacci, F.: Do You Really Mean What You Actually Enforced? In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 287–301. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  4. Colcombet, T., Fradet, P.: Enforcing trace properties by program transformation. In: POPL 2000, pp. 54–66 (2000)

    Google Scholar 

  5. Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P.D.: TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In: OSDI 2010. USENIX Association (2010)

    Google Scholar 

  6. Fong, P.W.L.: Access control by tracking shallow execution history. In: IEEE S&P 2004, pp. 43–55 (2004)

    Google Scholar 

  7. Gurov, D., Huisman, M., Sprenger, C.: Compositional verification of sequential programs with procedures. Information and Computation 206(7), 840–868 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  8. Jensen, T.P., Le Métayer, D., Thorn, T.: Verification of control flow based security properties. In: IEEE S&P 1999, pp. 89–103 (1999)

    Google Scholar 

  9. Klein, G., Nipkow, T.: Verified lightweight bytecode verification. Concurrency and Computation: Practice and Experience 13(13), 1133–1151 (2001)

    Article  MATH  Google Scholar 

  10. Ligatti, J., Bauer, L., Walker, D.: Enforcing Non-Safety Security Policies with Program Monitors. In: di Vimercati, S.de.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 355–373. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  11. Mizuno, M., Schmidt, D.A.: A security flow control algorithm and its denotational semantics correctness proof. Formal Aspects of Computing 4(6A), 727–754 (1992)

    Article  MATH  Google Scholar 

  12. Myers, A.C.: JFlow: Practical mostly-static information flow control. In: POPL 1999, pp. 228–241 (1999)

    Google Scholar 

  13. Necula, G.C.: Proof-carrying code. In: POPL 1997, pp. 106–119 (1997)

    Google Scholar 

  14. Ongtang, M., McLaughlin, S.E., Enck, W., McDaniel, P.D.: Semantically rich application-centric security in Android. In: ACSAC 2009, pp. 340–349 (2009)

    Google Scholar 

  15. Pottier, F., Skalka, C., Smith, S.F.: A systematic approach to static access control. ACM TOPLAS 27(2), 344–382 (2005)

    Article  Google Scholar 

  16. Schneider, F.B.: Enforceable security policies. ACM TISSEC 3(1), 30–50 (2000)

    Article  Google Scholar 

  17. Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model-carrying code: a practical approach for safe execution of untrusted applications. In: SOSP 2003, pp. 15–28 (2003)

    Google Scholar 

  18. Talhi, C., Tawbi, N., Debbabi, M.: Execution monitoring enforcement for limited-memory systems. In: PST 2006, vol. 380, pp. 38:1–38:12 (2006)

    Google Scholar 

  19. Vanoverberghe, D., Piessens, F.: Supporting security monitor-aware development. In: SESS 2007, pp. 2–6 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. INRIA Lille - Nord Europe, Univ Lille Nord de France, USTL, CNRS LIFL, France

    Arnaud Fontaine, Samuel Hym & Isabelle Simplot-Ryl

Authors
  1. Arnaud Fontaine
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Samuel Hym
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Isabelle Simplot-Ryl
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IMDEA Software Institute, Universidad Politecnica de Madrid, Campus Montegancedo, 28660, Boadilla del Monte, Madrid, Spain

    Gilles Barthe

  2. Carnegie Mellon University, NASA Research Park, Bldg. 23 (MS 23-11), P.O. Box 1, 94035-0001, Moffet Field, CA, USA

    Anupam Datta

  3. Faculty of Mathematics and Computer Science, Embedded Systems Security Group, Technical University of Eindhoven, P.O. Box 513, 5600 MB, Eindhoven, The Netherlands

    Sandro Etalle

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fontaine, A., Hym, S., Simplot-Ryl, I. (2012). Verifiable Control Flow Policies for Java Bytecode. In: Barthe, G., Datta, A., Etalle, S. (eds) Formal Aspects of Security and Trust. FAST 2011. Lecture Notes in Computer Science, vol 7140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29420-4_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29420-4_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29419-8

  • Online ISBN: 978-3-642-29420-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation