Verifiable control flow policies for java bytecode

Authors:
Arnaud Fontaine;Samuel Hym;Isabelle Simplot-Ryl
Affiliations:
INRIA Lille - Nord Europe, Univ Lille Nord de France, USTL, CNRS LIFL, France;INRIA Lille - Nord Europe, Univ Lille Nord de France, USTL, CNRS LIFL, France;INRIA Lille - Nord Europe, Univ Lille Nord de France, USTL, CNRS LIFL, France
Venue:
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Year:
2011

Citing 14
Cited 1

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforcing trace properties by program transformation

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Model-carrying code: a practical approach for safe execution of untrusted applications

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A systematic approach to static access control

ACM Transactions on Programming Languages and Systems (TOPLAS)
Supporting Security Monitor-Aware Development

SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Compositional verification of sequential programs with procedures

Information and Computation
Execution monitoring enforcement for limited-memory systems

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Do You Really Mean What You Actually Enforced?

Formal Aspects in Security and Trust
Semantically Rich Application-Centric Security in Android

ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Mobile resource guarantees for smart devices

CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Enforcing non-safety security policies with program monitors

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

Load time code validation for mobile phone Java Cards

Journal of Information Security and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents the enforcement of control flow policies for Java bytecode dedicated to open and constrained devices. On-device enforcement of security policies mostly relies on run-time monitoring or inline checking code, which is not appropriate for strongly constrained devices such as mobile phones and smart-cards. We present a proof-carrying code approach with on-device lightweight verification of control flow policies statically at loading-time. Our approach is suitable for evolving, open and constrained Java-based systems as it is compositional, to avoid re-verification of already verified bytecode upon loading of new bytecode, and it is regressive, to cleanly support bytecode unloading.