A Tool for Automated Certification of Java Source Code in Maude

Authors:
M. Alba-Castro;M. Alpuente;S. Escobar;P. Ojeda;D. Romero
Affiliations:
Dpto. de Sistemas Informáticos y Computación, Universidad Politécnica de Valencia, Spain;Dpto. de Sistemas Informáticos y Computación, Universidad Politécnica de Valencia, Spain;Dpto. de Sistemas Informáticos y Computación, Universidad Politécnica de Valencia, Spain;Dpto. de Sistemas Informáticos y Computación, Universidad Politécnica de Valencia, Spain;Dpto. de Sistemas Informáticos y Computación, Universidad Politécnica de Valencia, Spain
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2009

Citing 12
Cited 0

Conditional rewriting logic as a unified model of concurrency

Selected papers of the Second Workshop on Concurrency and compositionality
Safe kernel extensions without run-time checking

OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Certification of programs for secure information flow

Communications of the ACM
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Statically checking confidentiality via dynamic labels

WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
On flow-sensitive security types

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preliminary design of JML: a behavioral interface specification language for java

ACM SIGSOFT Software Engineering Notes
Automated Certification of Non-Interference in Rewriting Logic

Formal Methods for Industrial Critical Systems
Automatic certification of Java source code in rewriting logic

FMICS'07 Proceedings of the 12th international conference on Formal methods for industrial critical systems
All about maude - a high-performance logical framework: how to specify, program and verify systems in rewriting logic

All about maude - a high-performance logical framework: how to specify, program and verify systems in rewriting logic
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In previous work, an abstract certification technique for Java source code was proposed based on rewriting logic, which is a semantic framework that has been efficiently implemented in the rule-based programming language Maude. Starting from a specification of a (generic) Java abstract semantics written in Maude, we develop an abstract verification technique that essentially consists of a reachability analysis using the Java abstract semantics. We provide facilities to associate abstract domains to the variables of the considered Java program so that the resulting state-space is finite. As a by-product of the abstract verification, a safety certificate is delivered that contains a set of (abstract) rewriting proofs that can be checked by the code consumer using a standard rewriting logic engine. The main advantage is that the amount of code that must be explicitly trusted is very small. This paper presents a Web tool that implements the abstract certification technique by providing appropriate abstract domains for different safety properties while hiding the technical details of the method from the user. The tool has been devised to be easily extendable to other properties and domains. It currently supports the certification of two kinds of safety properties that are not handled by standard Java compilers: secure integer arithmetic rules and non-interference policies.