Systems that download updates from the net, or that let the user download third-party code to extend the application's functions (plug-ins), are now widespread. In these dynamic environments the code that will be executed is not known at compile time, and often not even at application start-up, either by the application producer or by the user. This turns reliable, well-designed software into dangerous and potentially malicious software for the user and for the system it runs on: a well-behaved modular application becomes the unwilling host for malicious components. In this scenario the application producer lines up with the user in demanding that dynamically loaded third-party components satisfy given security requirements. In this paper we present a framework that allows the consumer side of untrusted code to state desired properties about it. We exploit the facilities of so-called virtual execution environments to encode a well-structured specification directly into the meta-data of the object code. Once the dynamic component is loaded at run time by the main application, the framework recovers that specification and checks it against the requirements gathered from the main application, the user and the host operating system, injecting run-time checks into the untrusted code as needed to ensure that the component's actual behaviour matches the specified one.
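The load-time flow the abstract describes, as an added illustration that is not code from the paper or its framework: a component carries a declared specification (capabilities plus pre/postconditions on its exported functions), the host compares that specification against its own policy before exposing anything, and every exported function is wrapped with run-time checks so that a component whose code departs from its declared contract is stopped at the first violation. The `Component` record, `HOST_POLICY`, the three sample plug-ins and the contract format are all constructed for this example; on a real virtual execution environment the specification would be read from the object code's meta-data rather than passed in as a Python object.

```python
"""Constructed example: load-time spec checking plus injected run-time checks."""
import functools
from dataclasses import dataclass
from typing import Callable, Dict, Set


class SpecViolation(Exception):
    """Raised when a component's declaration or behaviour conflicts with policy."""


@dataclass
class Component:
    """Stand-in for a loaded code unit. On a real VM `capabilities` and
    `contracts` would be recovered from the object code's meta-data."""
    functions: Dict[str, Callable]
    capabilities: Set[str]
    contracts: Dict[str, dict]   # name -> {"pre": f(*args), "post": f(*args, result)}


# Constructed host requirements, merged from application, user and OS.
HOST_POLICY = {
    "allowed_capabilities": {"compute", "read_config"},
    "max_output_bytes": 1024,
}


def _inject_checks(name: str, fn: Callable, contract: dict, policy: dict) -> Callable:
    """Wrap an untrusted function so its declared contract and the host's
    limits are enforced on every call (the 'injected run-time checks')."""
    @functools.wraps(fn)
    def checked(*args):
        if not contract["pre"](*args):
            raise SpecViolation(f"{name}: precondition violated by caller input")
        result = fn(*args)
        if not contract["post"](*args, result):
            raise SpecViolation(f"{name}: behaviour does not match declared spec")
        if isinstance(result, (bytes, str)) and len(result) > policy["max_output_bytes"]:
            raise SpecViolation(f"{name}: output exceeds host limit")
        return result
    return checked


def load_component(component: Component, policy: dict) -> Dict[str, Callable]:
    """Check the declared spec against host requirements, then return only the
    guarded exports. Functions without a contract are not exported at all."""
    excess = component.capabilities - policy["allowed_capabilities"]
    if excess:
        raise SpecViolation(f"capabilities not granted by host: {sorted(excess)}")
    exports = {}
    for name, fn in component.functions.items():
        contract = component.contracts.get(name)
        if contract is not None:
            exports[name] = _inject_checks(name, fn, contract, policy)
    return exports


def well_behaved_plugin() -> Component:
    # Constructed plug-in whose code honours its declared, length-preserving contract.
    return Component(
        functions={"transform": lambda data: data.upper()},
        capabilities={"compute"},
        contracts={"transform": {
            "pre": lambda data: isinstance(data, bytes),
            "post": lambda data, result: isinstance(result, bytes) and len(result) == len(data),
        }},
    )


def misbehaving_plugin() -> Component:
    # Constructed plug-in that declares the same contract but returns ten copies
    # of its input; the injected postcondition check catches the mismatch.
    return Component(
        functions={"transform": lambda data: data * 10},
        capabilities={"compute"},
        contracts={"transform": {
            "pre": lambda data: isinstance(data, bytes),
            "post": lambda data, result: isinstance(result, bytes) and len(result) == len(data),
        }},
    )


def overreaching_plugin() -> Component:
    # Constructed plug-in declaring a capability the host never granted; it is
    # rejected at load time, before any of its code can run.
    return Component(functions={}, capabilities={"network"}, contracts={})


if __name__ == "__main__":
    api = load_component(well_behaved_plugin(), HOST_POLICY)
    print(api["transform"](b"plug-in input"))
    for bad in (misbehaving_plugin, overreaching_plugin):
        try:
            load_component(bad(), HOST_POLICY)["transform"](b"x")
        except SpecViolation as e:
            print("rejected:", e)
```

Two design points carry over from the paper's setting: the capability check happens before any component code executes, so a component that asks for more than the host allows is never exposed, and the wrapper enforces both the component's own declared contract and limits the component never declared (the host's output bound), which is what lets the consumer side impose requirements rather than merely trust the producer's specification.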