Bytecode verification forms the cornerstone of the Java security model: it ensures the integrity of the runtime environment even in the presence of untrusted code. Limited devices, such as Java smart cards, lack the memory needed to verify the type safety of Java bytecode on their own. Proof-carrying code techniques compute, outside the device, tamper-proof certificates that simplify bytecode verification, and pass them along with the code. Rose developed such an approach for a small subset of the Java bytecode language. In this paper, we extend this approach to real-world Java software and develop a precise model of the memory requirements on the device. We use a variant of interval graphs to model the liveness of memory regions during the checking step. Based on this model, memory-optimal checking strategies are computed outside the device and attached to the certificate. The underlying type system of the bytecode verifier has been augmented with multi-dimensional arrays and recognizes references to uninitialized Java objects. Our detailed measurements, based on real-world Java libraries, demonstrate that the approach yields substantially smaller certificates than the similar approach taken by the KVM verifier. Worst-case memory consumption on the device is examined as well, and the refinements based on our model turn out to save a significant amount of memory.
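As an added illustration of the two ideas the abstract describes (not the paper's verifier, and not real JVM bytecode), the following Python checks a tiny stack language in one linear pass against a certificate of operand-stack types at each branch target, and models the certificate entries as live intervals over that pass to compute the peak number of entries the device must hold. The instruction names, the certificate shape and the fixed linear checking order are assumptions of this example; the paper's interval model and memory-optimal strategies are more refined than this.

```python
# Added illustration (not the paper's verifier, not real JVM bytecode): a tiny stack
# language checked in ONE linear pass against a certificate of stack types at each branch target.

def _pop(stack, want, pc, op):
    """Check that the top of `stack` matches `want` and return the remainder."""
    n = len(want)
    if len(stack) < n or stack[len(stack) - n:] != want:
        raise TypeError(f"pc {pc}: {op} expects {want} on top of {stack}")
    return stack[:len(stack) - n]

def check(code, cert):
    """One pass, no fixpoint: the certificate supplies the state at every branch target."""
    stack = ()                                   # types 'I' (int) / 'A' (ref); None = unreachable
    for pc, (op, *args) in enumerate(code):
        if pc in cert:                           # at a target, take the state from the cert
            if stack is not None and stack != cert[pc]:
                raise TypeError(f"pc {pc}: fall-through {stack} != certified {cert[pc]}")
            stack = cert[pc]
        elif stack is None:
            raise TypeError(f"pc {pc}: follows an unconditional transfer, needs a certificate entry")
        if op in ("iconst", "aconst_null"):
            stack += ("I" if op == "iconst" else "A",)
        elif op == "iadd":
            stack = _pop(stack, ("I", "I"), pc, op) + ("I",)
        elif op in ("ifeq", "goto"):
            if op == "ifeq":
                stack = _pop(stack, ("I",), pc, op)
            if cert.get(args[0]) != stack:       # branch: state must match the target's entry
                raise TypeError(f"pc {pc}: {op} {args[0]} with {stack}, certified {cert.get(args[0])}")
            stack = None if op == "goto" else stack
        elif op in ("ireturn", "areturn"):
            _pop(stack, ("I" if op == "ireturn" else "A",), pc, op)
            stack = None
    if stack is not None:
        raise TypeError("control falls off the end of the method")
    return True

def peak_live_entries(code, cert):
    """Interval model of certificate memory: an entry is resident from the first pc that
    references it (a branch to it, or its own pc) to the last; max overlap = peak entries held."""
    first, last = {}, {}
    for pc, (op, *args) in enumerate(code):
        for t in ([pc] if pc in cert else []) + (args[:1] if op in ("ifeq", "goto") else []):
            first.setdefault(t, pc)
            last[t] = pc
    return max((sum(first[t] <= pc <= last[t] for t in first) for pc in range(len(code))), default=0)

CODE = [("iconst",), ("ifeq", 6), ("iconst",), ("ifeq", 2), ("iconst",),   # constructed sample:
        ("ireturn",), ("aconst_null",), ("areturn",)]                      # loop to 2, exit to 6
CERT = {2: (), 6: ()}                            # certified stack types at the two branch targets
```

For the constructed sample, `check(CODE, CERT)` passes and `peak_live_entries(CODE, CERT)` is 2, because the entry for pc 6 is live from the branch at pc 1 until pc 6 and overlaps the entry for pc 2; a tampered certificate that claims an int on the stack at pc 6 is rejected at the first branch to it.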