Typed memory management in a calculus of capabilities. Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.
A type system for Java bytecode subroutines. ACM Transactions on Programming Languages and Systems (TOPLAS).
From System F to typed assembly language. ACM Transactions on Programming Languages and Systems (TOPLAS).
A type system for object initialization in the Java bytecode language. ACM Transactions on Programming Languages and Systems (TOPLAS).
Standard fixpoint iteration for Java bytecode verification. ACM Transactions on Programming Languages and Systems (TOPLAS).
Alias burying: unique variables without destructive reads. Software: Practice & Experience, Special Issue on Aliasing in Object-Oriented Systems.
Formalizing the safety of Java, the Java Virtual Machine, and Java Card. ACM Computing Surveys (CSUR).
Featherweight Java: a minimal core calculus for Java and GJ. ACM Transactions on Programming Languages and Systems (TOPLAS).
Encapsulating objects with confined types. OOPSLA '01: Proceedings of the 16th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications.
Java Virtual Machine Specification.
Computer-Aided Reasoning: An Approach.
Java and the Java Virtual Machine: Definition, Verification, Validation (with CD-ROM).
Stack inspection: theory and variants. ACM Transactions on Programming Languages and Systems (TOPLAS).
Capabilities for sharing: a generalisation of uniqueness and read-only. ECOOP '01: Proceedings of the 15th European Conference on Object-Oriented Programming.
Hoare logic for NanoJava: auxiliary variables, side effects, and virtual methods revisited. FME '02: Proceedings of the International Symposium of Formal Methods Europe, Formal Methods: Getting IT Right.
Secure information flow and pointer confinement in a Java-like language. CSFW '02: Proceedings of the 15th IEEE Workshop on Computer Security Foundations.
A type system for the Java bytecode language and verifier. Journal of Automated Reasoning.
A static type system for JVM access control. ICFP '03: Proceedings of the 8th ACM SIGPLAN International Conference on Functional Programming.
Lightweight confinement for Featherweight Java. OOPSLA '03: Proceedings of the 18th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications.
Pluggable verification modules: an extensible protection mechanism for the JVM. OOPSLA '04: Proceedings of the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications.
A tail-recursive machine with stack inspection. ACM Transactions on Programming Languages and Systems (TOPLAS).
The Java(TM) Language Specification, 3rd Edition. Addison-Wesley.
Non-interference for a JVM-like language. TLDI '05: Proceedings of the 2005 ACM SIGPLAN International Workshop on Types in Languages Design and Implementation.
Stack-based access control and secure information flow. Journal of Functional Programming.
A systematic approach to static access control. ACM Transactions on Programming Languages and Systems (TOPLAS).
Type annotations to improve stack-based access control. CSFW '05: Proceedings of the 18th IEEE Workshop on Computer Security Foundations.
Computability classes for enforcement mechanisms. ACM Transactions on Programming Languages and Systems (TOPLAS).
Executable JVM model for analytical reasoning: a study. Science of Computer Programming, Special Issue on Advances in Interpreters, Virtual Machines and Emulators (IVME '03).
An executable formal Java Virtual Machine thread model. JVM '01: Proceedings of the 2001 Symposium on Java(TM) Virtual Machine Research and Technology, Volume 1.
Enforcing non-safety security policies with program monitors. ESORICS '05: Proceedings of the 10th European Symposium on Research in Computer Security.
Discretionary capability confinement. ESORICS '06: Proceedings of the 11th European Symposium on Research in Computer Security.
Type-based protection mechanisms in a JVM-like environment must be administered by the code consumer at the bytecode level. Unfortunately, formulating a sound static type system for the full JVM bytecode language can be a daunting task. It is therefore counter-productive for the designer of a bytecode-level type system to address the full complexity of the VM environment in the early stage of design. In this work, a lightweight modelling tool, Featherweight JVM, is proposed to facilitate the early evaluation of bytecode-level, type-based protection mechanisms and, specifically, their ability to enforce security-motivated stack invariants and confinement properties. Rather than modelling the execution of a specific bytecode stream, Featherweight JVM is a nondeterministic event model that captures all the possible access event sequences that may be generated by a JVM-like environment when well-typed bytecode programs are executed. The effect of deploying a type-based protection mechanism can be modelled by a safety policy that constrains the event sequences produced by the VM model. To evaluate the effectiveness of the protection mechanism, security theorems in the form of state invariants can then be proved in the policy-guarded VM model. To demonstrate the utility of the proposed approach, Vitek et al.'s Confined Types has been formulated as a safety policy for the Featherweight JVM, and a corresponding confinement theorem has been established. To reduce class loading overhead, a capability-based reformulation of Confined Types is then studied and is shown to preserve the confinement theorem. This paper thus provides first evidence of the utility of Featherweight JVM in giving early feedback to the designer of type-based protection mechanisms for JVM-like environments.