We present an approach enabling end-users to prove security properties of Java bytecode by statically analysing the code itself, thus eliminating the run-time check for access permissions. The approach is based on the combination of two well-known techniques: abstract interpretation and model checking. By means of an operational abstract semantics of the bytecode, we build a finite transition system that embodies security information and abstracts from actual values. We then model check it against formulae expressing security properties, using the SMV model checker. A main point of the paper is the definition of the properties that the abstract semantics must satisfy to ensure the absence of security leaks.
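The following is an added illustration of the abstract-interpretation-then-model-checking pipeline sketched in the abstract; it is not the paper's semantics, bytecode subset or SMV model. It assumes a hypothetical stack bytecode (push_low, push_high, add, load, store, if_zero, goto, out_low, halt), an abstract domain that keeps only a security level (L or H) per operand-stack slot and local plus a control-flow context level, and replaces the SMV run by a direct reachability check of one safety formula ("no out_low executes with a high value or in a high context") over the finite transition system the abstract semantics produces.

```python
"""Toy abstract interpretation of a stack bytecode into a finite transition
system over security levels, followed by a safety check over that system.
Constructed illustration only: instruction set, abstract domain and property
are hypothetical and are not the paper's semantics or its SMV model."""
from collections import deque

LOW, HIGH = "L", "H"


def join(a, b):
    """Least upper bound of two security levels (H dominates L)."""
    return HIGH if HIGH in (a, b) else LOW


def step(program, state):
    """Abstract transition function.  A state is
    (pc, stack_levels, local_levels, ctx); ctx is the level of the control-flow
    context, raised (and, conservatively, never lowered) after branching on H.
    Values are abstracted away: only levels are tracked, so a conditional
    branch yields both successors and the state space is finite."""
    pc, stack, locals_, ctx = state
    op, *args = program[pc]
    stack, locals_ = list(stack), list(locals_)
    if op == "push_low":
        stack.append(join(LOW, ctx))          # a constant written under H ctx is H
    elif op == "push_high":
        stack.append(HIGH)                    # secret input
    elif op == "add":
        b, a = stack.pop(), stack.pop()
        stack.append(join(join(a, b), ctx))
    elif op == "store":
        locals_[args[0]] = join(stack.pop(), ctx)
    elif op == "load":
        stack.append(join(locals_[args[0]], ctx))
    elif op == "out_low":
        stack.pop()                           # observable by a low observer
    elif op == "goto":
        return [(args[0], tuple(stack), tuple(locals_), ctx)]
    elif op == "if_zero":
        cond = stack.pop()
        new_ctx = join(ctx, cond)             # implicit flow via the branch
        s, l = tuple(stack), tuple(locals_)
        return [(args[0], s, l, new_ctx), (pc + 1, s, l, new_ctx)]
    elif op == "halt":
        return []
    else:
        raise ValueError(f"unknown opcode {op}")
    return [(pc + 1, tuple(stack), tuple(locals_), ctx)]


def build_transition_system(program, n_locals=1, max_stack=8):
    """Explicit-state exploration of the abstract semantics: returns a dict
    state -> list of successor states.  Termination is guaranteed because
    levels are finite and the stack depth is bounded (checked by max_stack)."""
    init = (0, (), (LOW,) * n_locals, LOW)
    ts, work = {}, deque([init])
    while work:
        s = work.popleft()
        if s in ts:
            continue
        if len(s[1]) > max_stack:
            raise RuntimeError("unbounded operand stack; abstraction not finite")
        ts[s] = step(program, s)
        work.extend(ts[s])
    return ts


def find_leaks(program, ts):
    """Safety property checked over every reachable state: an out_low must not
    consume a high value and must not execute inside a high context."""
    return sorted(s for s in ts
                  if program[s[0]][0] == "out_low"
                  and (s[1][-1] == HIGH or s[3] == HIGH))


def analyse(program, n_locals=1):
    ts = build_transition_system(program, n_locals)
    return ts, find_leaks(program, ts)


# Constructed sample programs.
LEAK = [("push_high",), ("out_low",), ("halt",)]                 # direct flow
SAFE = [("push_low",), ("push_low",), ("add",), ("out_low",), ("halt",)]
IMPLICIT = [("push_high",), ("if_zero", 5), ("push_low",), ("store", 0),
            ("goto", 7), ("push_low",), ("store", 0), ("load", 0),
            ("out_low",), ("halt",)]                              # flow via branch
LOOP = [("push_low",), ("store", 0), ("load", 0), ("if_zero", 7), ("push_low",),
        ("store", 0), ("goto", 2), ("load", 0), ("out_low",), ("halt",)]

if __name__ == "__main__":
    for name, prog in [("LEAK", LEAK), ("SAFE", SAFE), ("IMPLICIT", IMPLICIT), ("LOOP", LOOP)]:
        ts, leaks = analyse(prog)
        print(f"{name}: {len(ts)} abstract states, leaks at {[s[0] for s in leaks]}")
```

The LOOP program shows why the abstraction matters: concretely it has unboundedly many executions, but abstracting from values collapses them into ten states, and the property can be decided by exhaustive exploration, exactly the finiteness that makes the transition system suitable for a model checker. The IMPLICIT program is flagged only because the context level is raised when branching on a high value; dropping that rule is the kind of unsoundness the abstract's "properties the abstract semantics must satisfy" is meant to rule out.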