AnZenMail: a secure and certified e-mail system

Authors:
Etsuya Shibayama;Shigeki Hagihara;Naoki Kobayashi;Shin-ya Nishizaki;Kenjiro Taura;Takuo Watanabe
Affiliations:
Graduate School of Information Science and Engineering, Tokyo Institute of Technology, Tokyo, Japan;Graduate School of Information Science and Engineering, Tokyo Institute of Technology, Tokyo, Japan;Graduate School of Information Science and Engineering, Tokyo Institute of Technology, Tokyo, Japan;Graduate School of Information Science and Engineering, Tokyo Institute of Technology, Tokyo, Japan;The University of Tokyo, Tokyo, Japan;The National Institute of Informatics, Tokyo, Japan and Graduate School of Information Science and Engineering, Tokyo Institute of Technology, Tokyo, Japan
Venue:
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Year:
2002

Citing 11
Cited 1

Active mail—a framework for implementing groupware

CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Internet Privacy Enhanced Mail

Communications of the ACM - Special issue on internetworking
Flexible control of downloaded executable content

ACM Transactions on Information and System Security (TISSEC)
SAFKASI: a security mechanism for language-based systems

ACM Transactions on Software Engineering and Methodology (TOSEM)
E-mail as habitat: an exploration of embedded personal information management

interactions
Resource usage analysis

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Statically Scanning Java Code: Finding Security Vulnerabilities

IEEE Software
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Transparent run-time defense against stack smashing attacks

ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
SoftwarePot: an encapsulated transferable file system for secure software circulation

ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Formalization and verification of a mail server in Coq

ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems

Formalization and verification of a mail server in Coq

ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We are developing a secure and certified e-mail system AnZenMail that provides an experimental testbed for our cutting-edge security enhancement technologies. In addition to a provably secure message transfer protocol, we have designed and implemented a server (MTU) and a client (MUA) in order that they could survive recent malicious attacks such as server-cracking and e-mail viruses. The AnZenMail server is implemented in Java, a memory-safe language, and so it is free from stack smashing. Some of its safety properties have been formally verified in Coq mostly at the source code level by manually translating Java methods into Coq functions. The AnZenMail client is designed to provide a support for secure execution of mobile code arriving as email attachments. It has plug-in interfaces for code inspection and execution modules such as static analysis tools, runtime/inline reference monitors, and an anti-virus engine, which are currently being developed by members of our research project.