Abstract
Security automata are a convenient way to describe security policies. Their typical use is to monitor the execution of an application and to interrupt it as soon as the security policy is violated. However, run-time adherence checking is not always convenient. Instead, we aim to develop a technique to verify adherence to a security policy statically. To do this, we take a security automaton as the specification and generate JML annotations that inline the monitor, as a specification, into the application. We describe this translation and prove that program behaviour is preserved, i.e., if monitoring does not reveal a security violation, then the generated annotations are respected by the program.
The correctness proofs are formalised using the PVS theorem prover. This reveals several subtleties to be considered in the definition of the translation algorithm and in the program requirements.
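To make the idea concrete, the following is an added example written for this page; it is not code from the paper. It takes Schneider's classic "no Send after FileRead" policy as a two-state security automaton, first as a run-time monitor that throws on a violation, then inlined into the application as JML annotations. The translation scheme used here (a ghost field holding the automaton state, a `requires` clause per monitored event stating that the transition is defined, and `ensures`/`signals` clauses plus a `set` statement recording the transition) is an assumption chosen to illustrate the approach, not necessarily the paper's exact algorithm; the class and method names are likewise invented.

```java
// Added example, not from the paper: a two-state security automaton for the
// policy "no Send after FileRead", shown as a run-time monitor and as an
// inlined JML specification. The translation scheme is an assumption.

public class NoSendAfterRead {

    // --- 1. The security automaton as a run-time monitor -------------------
    // States: 0 = nothing read yet, 1 = some file has been read.
    // Transitions: fileRead: 0 -> 1, 1 -> 1;  send: 0 -> 0.
    // send in state 1 has no transition, i.e. it is a policy violation.
    public static final class Monitor {
        private int state = 0;

        public void fileRead() { state = 1; }

        public void send() {
            if (state == 1) {
                throw new SecurityException("policy violated: send after fileRead");
            }
        }
    }

    // --- 2. The same automaton inlined as a JML specification ---------------
    // The automaton state becomes a ghost field. Each monitored event gets a
    // precondition saying the transition is defined (no violation), and a
    // postcondition saying it was taken. A JML verifier then proves that no
    // execution of the annotated program violates the policy, so the run-time
    // monitor is no longer needed.

    //@ public static ghost int policyState = 0;

    // fileRead is defined in every state, so the precondition is trivial.
    // The monitor observes the event at the call, so the new state must hold
    // on exceptional exit too (hence the signals clause), not only on normal
    // return. This is an assumption about how such a translation should treat
    // abrupt termination.
    //@ requires true;
    //@ ensures policyState == 1;
    //@ signals (Exception e) policyState == 1;
    public static byte[] fileRead(String path) {
        //@ set policyState = 1;
        return path.getBytes();   // stand-in for a real file read
    }

    // send is only defined in state 0; state 1 would be a violation, so the
    // automaton's missing transition becomes a precondition.
    //@ requires policyState == 0;
    //@ ensures policyState == 0;
    public static void send(byte[] data) {
        // real network output would go here; the policy only constrains order
    }

    // Respects the policy: the verifier can discharge send()'s precondition
    // because policyState is still 0 at the call.
    public static void compliant() {
        send(new byte[0]);
        fileRead("/etc/hostname");
    }

    // Violates the policy: after fileRead() the ghost state is 1, so the
    // precondition policyState == 0 of send() is unprovable and static
    // verification fails at exactly the call the monitor would interrupt.
    public static void violating() {
        fileRead("/etc/hostname");
        send(new byte[0]);
    }

    // Drives the run-time monitor over the same two traces.
    public static void main(String[] args) {
        Monitor m = new Monitor();
        m.send();
        m.fileRead();                  // compliant trace: no exception
        try {
            m.fileRead();
            m.send();                  // violating trace
        } catch (SecurityException e) {
            System.out.println("run-time monitor: " + e.getMessage());
        }
    }
}
```

The JML annotations live in `//@` comments, so the file compiles with plain `javac` and `main` exercises only the run-time monitor; checking the annotated methods `compliant()` and `violating()` requires a JML tool (OpenJML, for instance). The correspondence the abstract states is visible in the two traces: the trace the monitor accepts is the one whose `requires` clauses are provable, and the trace the monitor interrupts is the one where a generated precondition fails.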
This work is partially funded by the IST FET programme of the European Commission, under the IST-2005-015905 Mobius project. Research done while the authors were at INRIA Sophia Antipolis.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Huisman, M., Tamalet, A. (2009). A Formal Connection between Security Automata and JML Annotations. In: Chechik, M., Wirsing, M. (eds) Fundamental Approaches to Software Engineering. FASE 2009. Lecture Notes in Computer Science, vol 5503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00593-0_23
DOI: https://doi.org/10.1007/978-3-642-00593-0_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00592-3
Online ISBN: 978-3-642-00593-0