Verifiable Control Flow Policies for Java Bytecode

  • Arnaud Fontaine
  • Samuel Hym
  • Isabelle Simplot-Ryl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7140)


This paper presents the enforcement of control flow policies for Java bytecode on open and constrained devices. On-device enforcement of security policies mostly relies on run-time monitoring or inlined checking code, neither of which is appropriate for strongly constrained devices such as mobile phones and smart cards. We present a proof-carrying code approach in which control flow policies are verified statically, on the device, by a lightweight verifier at load time. The approach suits evolving, open and constrained Java-based systems: it is compositional, so that already verified bytecode is not re-verified when new bytecode is loaded, and it is regressive, so that bytecode unloading is supported cleanly.
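The abstract names two properties, compositional and regressive load-time verification, without spelling out the paper's policy language, proof format or algorithm. The Python sketch below is an added illustration of what those two properties buy, not the paper's method: it models a class as a table of direct call edges, a global policy as a set of forbidden transitive (caller pattern, callee) pairs, and assumes classes are loaded in dependency order (a callee must already be loaded, as with Java Card package imports). Under that assumption the transitive reachability of a newly loaded method is fully determined by the summaries already stored for loaded code, so the policy check is local to the new class, and unloading in reverse dependency order can never invalidate a stored summary. All class names, method names and the `debugUnlock` rule are constructed for the example.

```python
from dataclasses import dataclass

Method = tuple[str, str]        # (class name, method name)
Rule = tuple[Method, Method]    # (src pattern, dst): src must never transitively reach dst

def matches(pattern: Method, m: Method) -> bool:   # '*' in a pattern component is a wildcard
    return all(p in ("*", x) for p, x in zip(pattern, m))

@dataclass
class ClassFile:
    """Stand-in for a class file: method name -> methods it invokes directly."""
    name: str
    calls: dict[str, list[Method]]

class PolicyViolation(Exception): ...
class LinkError(Exception): ...

class Loader:
    """Load-time verifier that keeps one reachability summary per verified method."""

    def __init__(self, policy: list[Rule]):
        self.policy = policy
        self.loaded: dict[str, ClassFile] = {}
        self.reach: dict[Method, frozenset[Method]] = {}   # verified summaries
        self.dependents: dict[str, set[str]] = {}          # class -> classes calling into it

    def load(self, cf: ClassFile) -> None:
        if cf.name in self.loaded:
            raise LinkError(f"{cf.name} already loaded")
        # 1. No forward references: every callee must already have a verified summary.
        for callees in cf.calls.values():
            for cls, meth in callees:
                table = cf.calls if cls == cf.name else getattr(self.loaded.get(cls), "calls", None)
                if table is None or meth not in table:
                    raise LinkError(f"{cf.name} references unloaded method {cls}.{meth}")
        # 2. Compositional: external callees contribute their stored summary unchanged;
        #    only intra-class (possibly recursive) calls need a local fixpoint.
        summ = {m: set(callees) for m, callees in cf.calls.items()}
        for s in summ.values():
            for callee in list(s):
                if callee[0] != cf.name:
                    s |= self.reach[callee]
        changed = True
        while changed:
            changed = False
            for s in summ.values():
                extra = set().union(*(summ[meth] for cls, meth in s if cls == cf.name))
                if not extra <= s:
                    s |= extra
                    changed = True
        # 3. Check the policy on the new methods only; already loaded code is untouched.
        for meth, s in summ.items():
            for src, dst in self.policy:
                if matches(src, (cf.name, meth)) and dst in s:
                    raise PolicyViolation(f"{cf.name}.{meth} can reach {'.'.join(dst)}")
        # 4. Commit; nothing above mutated the loader, so a rejected class leaves no trace.
        self.loaded[cf.name] = cf
        for meth, s in summ.items():
            self.reach[(cf.name, meth)] = frozenset(s)
        for callees in cf.calls.values():
            for cls, _ in callees:
                if cls != cf.name:
                    self.dependents.setdefault(cls, set()).add(cf.name)

    def unload(self, name: str) -> None:
        # Regressive: unloading in reverse dependency order keeps every remaining summary valid.
        if name not in self.loaded or self.dependents.get(name):
            raise LinkError(f"{name} is not loaded or still used by {sorted(self.dependents.get(name, ()))}")
        for meth in self.loaded.pop(name).calls:
            del self.reach[(name, meth)]
        for deps in self.dependents.values():
            deps.discard(name)

def demo() -> list[str]:
    """Constructed scenario: no applet entry point 'process' may reach Firmware.debugUnlock."""
    ld = Loader([(("*", "process"), ("Firmware", "debugUnlock"))])
    classes = [
        ClassFile("Firmware", {"debugUnlock": []}),
        ClassFile("Util", {"log": [], "maintenance": [("Firmware", "debugUnlock")]}),
        ClassFile("Applet", {"process": [("Util", "log"), ("Applet", "helper")], "helper": [("Applet", "process")]}),
        ClassFile("EvilApplet", {"process": [("EvilApplet", "step")], "step": [("Util", "maintenance")]}),
    ]
    log = []
    for cf in classes:
        try:
            ld.load(cf)
            log.append(f"loaded {cf.name}")
        except PolicyViolation as e:
            log.append(f"rejected {cf.name}: {e}")
    try:
        ld.unload("Util")                      # refused: Applet still calls Util.log
    except LinkError as e:
        log.append(f"unload refused: {e}")
    ld.unload("Applet")
    ld.unload("Util")
    log.append(f"remaining {sorted(ld.loaded)}")
    return log
```

`Applet` passes although it is mutually recursive, while `EvilApplet` is rejected because its entry point reaches `Firmware.debugUnlock` through `Util.maintenance`, a path that crosses code verified earlier and never re-verified. A verifier for real bytecode would extract the edges from the `invoke*` instructions and would have to account for virtual dispatch (overriding and interface calls), which this model ignores.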


Keywords (machine-generated, not supplied by the authors): Smart Card, Security Policy, Call Graph, Global Policy, Left Factor





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Arnaud Fontaine (1)
  • Samuel Hym (1)
  • Isabelle Simplot-Ryl (1)
  1. INRIA Lille - Nord Europe, Univ Lille Nord de France, USTL, CNRS LIFL, France
