Security Properties of Typed Applets

Chapter in: Secure Internet Programming

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1603)

Abstract

This paper formalizes the folklore result that strongly-typed applets are more secure than untyped ones. We formulate and prove several security properties that all well-typed applets possess, and identify sufficient conditions for the applet execution environment to be safe, such as procedural encapsulation, type abstraction, and systematic type-based placement of run-time checks. These results are a first step towards formal techniques for developing and validating safe execution environments for applets.
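The abstract names three conditions the execution environment should satisfy (procedural encapsulation, type abstraction, and type-based placement of run-time checks) without showing what they look like in code. The following is an added Rust illustration, not code from the chapter (whose own applet environment is written in Caml): the `env` module plays the trusted execution environment, `applet` plays untrusted code, and the sandbox prefix, the in-memory file table and the requested paths are all constructed for the example.

```rust
// Added illustration of the three conditions named in the abstract.
// The "file system" is a constructed in-memory table, so the program
// runs offline and performs no real I/O.

/// The trusted execution environment. Applet code lives outside this
/// module and sees only the `pub` items.
mod env {
    use std::collections::HashMap;

    /// Hypothetical sandbox prefix; applets may only name files under it.
    pub const SANDBOX: &str = "/applets/sandbox/";

    /// Type abstraction: the field is private, so code outside `env`
    /// cannot write `SafePath(s)`. The only way to obtain a `SafePath`
    /// is `SafePath::new`, which is therefore the single place the
    /// run-time check has to live (type-based placement of the check).
    #[derive(Debug, Clone, PartialEq)]
    pub struct SafePath(String);

    #[derive(Debug, Clone, PartialEq)]
    pub enum Denied {
        Traversal(String),
        OutsideSandbox(String),
    }

    impl SafePath {
        pub fn new(requested: &str) -> Result<SafePath, Denied> {
            // Reject any ".." component before the prefix test; otherwise
            // "/applets/sandbox/../../etc/passwd" would pass the prefix test.
            if requested.split('/').any(|c| c == "..") {
                return Err(Denied::Traversal(requested.to_string()));
            }
            if !requested.starts_with(SANDBOX) {
                return Err(Denied::OutsideSandbox(requested.to_string()));
            }
            Ok(SafePath(requested.to_string()))
        }

        pub fn as_str(&self) -> &str {
            &self.0
        }
    }

    /// The protected resource. Its table is private; applets reach it
    /// only through a function whose argument type is `SafePath`.
    pub struct FileStore {
        files: HashMap<String, String>,
    }

    impl FileStore {
        /// Constructed sample contents (not a real file system).
        pub fn constructed_sample() -> FileStore {
            let mut files = HashMap::new();
            files.insert(format!("{}hello.txt", SANDBOX), "hello from the sandbox".to_string());
            files.insert("/etc/passwd".to_string(), "root:x:0:0:root:/root:/bin/sh".to_string());
            FileStore { files }
        }

        /// Procedural encapsulation: the environment hands the applet this
        /// function, never the `FileStore` itself. Because the argument is a
        /// `SafePath`, the check is not repeated here.
        pub fn read(&self, path: &SafePath) -> Option<&str> {
            self.files.get(path.as_str()).map(String::as_str)
        }
    }
}

/// Untrusted applet code. It can only name files through `SafePath::new`
/// and read them through the closure the environment passes in.
mod applet {
    use super::env::{Denied, SafePath};

    pub type Outcome = Result<Option<String>, Denied>;

    pub fn run(read: &dyn Fn(&SafePath) -> Option<String>, targets: &[&str]) -> Vec<(String, Outcome)> {
        targets
            .iter()
            .map(|t| (t.to_string(), SafePath::new(t).map(|p| read(&p))))
            .collect()
    }
}

/// Wire the environment to the applet with constructed targets, two of
/// which an ill-behaved applet would try.
pub fn demo() -> Vec<(String, applet::Outcome)> {
    let store = env::FileStore::constructed_sample();
    let read = |p: &env::SafePath| store.read(p).map(String::from);
    // `env::SafePath("/etc/passwd".to_string())` would not compile here:
    // the constructor is private, so the check in `new` cannot be bypassed.
    applet::run(
        &read,
        &[
            "/applets/sandbox/hello.txt",
            "/applets/sandbox/../../etc/passwd",
            "/etc/passwd",
            "/applets/sandbox/missing.txt",
        ],
    )
}

fn main() {
    for (target, outcome) in demo() {
        println!("{target}: {outcome:?}");
    }
}
```

The point of the layout is that the only run-time check sits in `SafePath::new`; everything downstream trusts the type, which is safe precisely because the type is abstract (no forged values) and the resource is reachable only through a function (no raw handle to misuse). Moving the `..` test after the prefix test, or making the field `pub`, breaks the argument immediately.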

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Leroy, X., Rouaix, F. (1999). Security Properties of Typed Applets. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_7

  • DOI: https://doi.org/10.1007/3-540-48749-2_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4
