Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing trace properties by program transformation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Transactions on Information and System Security (TISSEC)
Model-carrying code: a practical approach for safe execution of untrusted applications
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A systematic approach to static access control
ACM Transactions on Programming Languages and Systems (TOPLAS)
Supporting Security Monitor-Aware Development
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Compositional verification of sequential programs with procedures
Information and Computation
Execution monitoring enforcement for limited-memory systems
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Do You Really Mean What You Actually Enforced?
Formal Aspects in Security and Trust
Semantically Rich Application-Centric Security in Android
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Mobile resource guarantees for smart devices
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Enforcing non-safety security policies with program monitors
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Load time code validation for mobile phone Java Cards
Journal of Information Security and Applications
Hi-index | 0.00 |
This paper presents the enforcement of control flow policies for Java bytecode dedicated to open and constrained devices. On-device enforcement of security policies mostly relies on run-time monitoring or inline checking code, which is not appropriate for strongly constrained devices such as mobile phones and smart-cards. We present a proof-carrying code approach with on-device lightweight verification of control flow policies statically at loading-time. Our approach is suitable for evolving, open and constrained Java-based systems as it is compositional, to avoid re-verification of already verified bytecode upon loading of new bytecode, and it is regressive, to cleanly support bytecode unloading.