Communications of the ACM
Safe kernel extensions without run-time checking
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Java security: hostile applets, holes&antidotes
Java security: hostile applets, holes&antidotes
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for Java bytecode subroutines
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Is the Java type system sound?
Theory and Practice of Object Systems - Special issue on foundations of object-oriented languages
A formal framework for the Java bytecode language and verifier
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A certifying compiler for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Formalizing the safety of Java, the Java virtual machine, and Java card
ACM Computing Surveys (CSUR)
A unified approach to global program optimization
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Java Card Technology for Smart Cards: Architecture and Programmer's Guide
Java Card Technology for Smart Cards: Architecture and Programmer's Guide
A Theory of Objects
Java Virtual Machine Specification
Java Virtual Machine Specification
Principles of Program Analysis
Principles of Program Analysis
Java and the Java Virtual Machine: Definition, Verification, Validation with Cdrom
Java and the Java Virtual Machine: Definition, Verification, Validation with Cdrom
Bytecode verification on Java smart cards
Software—Practice & Experience
Formal Techniques for Java Programs
ECOOP '00 Proceedings of the Workshops, Panels, and Posters on Object-Oriented Technology
A Proof-Carrying Code Architecture for Java
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
Theoretical Computer Science - Foundations of software science and computation structures
A machine-checked model for a Java-like language, virtual machine, and compiler
ACM Transactions on Programming Languages and Systems (TOPLAS)
Proof-carrying code from certified abstract interpretation and fixpoint compression
Theoretical Computer Science - Applied semantics
Type systems equivalent to data-flow analyses for imperative languages
Theoretical Computer Science - Applied semantics
Computing Stack Maps with Interfaces
ECOOP '08 Proceedings of the 22nd European conference on Object-Oriented Programming
Decomposing bytecode verification by abstract interpretation
ACM Transactions on Programming Languages and Systems (TOPLAS)
The MOBIUS Proof Carrying Code Infrastructure
Formal Methods for Components and Objects
Mnemonics: type-safe bytecode generation at run time
Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation
Small witnesses for abstract interpretation-based proofs
ESOP'07 Proceedings of the 16th European conference on Programming
Using abstract interpretation to add type checking for interfaces in Java bytecode verification
Theoretical Computer Science
Using abstract interpretation to add type checking for interfaces in Java bytecode verification
Theoretical Computer Science
MOBIUS: mobility, ubiquity, security objectives and progress report
TGC'06 Proceedings of the 2nd international conference on Trustworthy global computing
A provably correct stackless intermediate representation for Java bytecode
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Sawja: static analysis workshop for java
FoVeOOS'10 Proceedings of the 2010 international conference on Formal verification of object-oriented software
An Abstract Model of Certificate Translation
ACM Transactions on Programming Languages and Systems (TOPLAS)
Mnemonics: type-safe bytecode generation at run time
Higher-Order and Symbolic Computation
A framework for certified program analysis and its applications to mobile-code safety
VMCAI'06 Proceedings of the 7th international conference on Verification, Model Checking, and Abstract Interpretation
Protocol implementation generator
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Programs from proofs: a PCC alternative
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
Memory-efficient on-card byte code verification for Java cards
Proceedings of the First Workshop on Cryptography and Security in Computing Systems
| Hi-index | 0.00 |
In this paper, we provide a theoretical foundation for and improvements to the existing bytecode verification technology, a critical component of the Java security model, for mobile code used with the Java “micro edition” (J2ME), which is intended for embedded computing devices. In Java, remotely loaded “bytecode” class files are required to be bytecode verified before execution, that is, to undergo a static type analysis that protects the platform's Java run-time system from so-called type confusion attacks such as pointer manipulation. The data flow analysis that performs the verification, however, is beyond the capacity of most embedded devices because of the memory requirements that the typical algorithm will need. We propose to take a proof-carrying code approach to data flow analysis in defining an alternative technique called “lightweight analysis” that uses the notion of a “certificate” to reanalyze a previously analyzed data flow problem, even on poorly resourced platforms. We formally prove that the technique provides the same guarantees as standard bytecode safety verification analysis, in particular that it is “tamper proof” in the sense that the guarantees provided by the analysis cannot be broken by crafting a “false” certificate or by altering the analyzed code. We show how the Java bytecode verifier fits into this framework for an important subset of the Java Virtual Machine; we also show how the resulting “lightweight bytecode verification” technique generalizes and simulates the J2ME verifier (to be expected as Sun's J2ME “K-Virtual machine” verifier was directly based on an early version of this work), as well as Leroy's “on-card bytecode verifier,” which is specifically targeted for Java Cards.