Abstract
Resource security pertains to the prevention of unauthorized usage of system resources that may not directly cause corruption or leakage of information. A common breach of resource security is the class of attacks called DoS (Denial of Service) attacks. This paper proposes an architecture called TINMAN whose goal is to efficiently and effectively safeguard resource security for mobile source code written in C. We couple resource usage checks at the programming language level and at the run-time system level. This is achieved by generating a resource skeleton from the source code. The resource skeleton abstracts the resource consumption behavior of the program and is validated by means of a resource usage certificate derived from proof generation. TINMAN uses resource-usage checking tools to generate the proof obligations required of the resource usage certificate, and it provides full coverage by monitoring at run time any essential property not guaranteed by the certificate. We describe the architecture of TINMAN and give some experimental results from the preliminary TINMAN implementation.
This work is supported in part by a grant from the US Office of Naval Research under grant number N00014-99-1-0402 and N00014-98-1-0704.
© 2002 Springer-Verlag Berlin Heidelberg
Mok, A.K., Yu, W. (2002). TINMAN: A Resource Bound Security Checking System for Mobile Code. In: Gollmann, D., Karjoth, G., Waidner, M. (eds) Computer Security — ESORICS 2002. ESORICS 2002. Lecture Notes in Computer Science, vol 2502. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45853-0_11
DOI: https://doi.org/10.1007/3-540-45853-0_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44345-2
Online ISBN: 978-3-540-45853-1