Abstract
We are developing a secure and certified e-mail system AnZenMail that provides an experimental testbed for our cutting-edge security enhancement technologies. In addition to a provably secure message transfer protocol, we have designed and implemented a server (MTU) and a client (MUA) in order that they could survive recent malicious attacks such as server-cracking and e-mail viruses. The AnZenMail server is implemented in Java, a memory-safe language, and so it is free from stack smashing. Some of its safety properties have been formally verified in Coq mostly at the source code level by manually translating Java methods into Coq functions. The AnZenMail client is designed to provide a support for secure execution of mobile code arriving as e-mail attachments. It has plug-in interfaces for code inspection and execution modules such as static analysis tools, runtime/inline reference monitors, and an anti-virus engine, which are currently being developed by members of our research project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Affeldt, R., Kobayashi, N.: Formalization and Verification of a Mail Server in Coq. Proc. of International Symposium on Software Security, in this volume, 2003.
Aleph One: Smashing the Stack for Fun and Profit, Phrack, 49(7), 1996, http://www.phrack.org/leecharch.php?p=49
Baratloo, A., Singh, N., Tsai, T.: Transparent Run-Time Defense Against Stack-Smashing Attacks. Proc. of USENIX Annual Conference, 2000.
Bernstein, D. J.: The Qmail Security Guarantee.
Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. Proc. of the Royal Society, Series A 426, 233–271, 1989.
Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Proc. 7th USENIX Security Conference, 63–78, 1998.
Crocker, S., Freed, N., Galvin, J., Murphy, S.: MIME Object Security Services. RFC 1848, 1995.
Deng, R. H., Gong, L., Lazar, A. A., Wang, W.: Practical Protocols for Certified Electronic Mail. J. of Network and System Management, 4(3), 279–297, 1996.
Ducheneaut, N., Bellotti, V.: E-mail as Habitat. Interactions, ACM, 8(5), 30–38, 2001.
Goldberg, Y., Safran, M., Shapiro, E.: Active Mail-A Framework for Implementing Groupware. Proc. of the Conf. on Computer Supported Cooperative Work, 75–83, 1992.
Hoffman, P.: SMTP Service Extension for Secure SMTP over TLS. RFC 2487, 1999.
Igarashi, A., Kobayashi, N.: Resource Usage Analysis. Proc. of ACM Symposium on Principles of Programming Languages, 331–342, 2001.
Jaeger, T., Prakash, A., Liedtke, J., Islam, N.: Flexible Control of Downloaded Executable Content. ACM Trans. on Information and System Security, 2(2), 177–228, 1999.
Kato, K., Oyama, Y.: SoftwarePot: An Encapsulated Transferable File System for Secure Software Circulation. Proc. of International Symposium on Software Security, in this volume, 2003.
Kent, S. T.: Internet Privacy Enhanced Mail. Comm. of the ACM, 36(8), 48–60, 1993.
Klensin, J. (ed): Simple Mail Transfer Protocol. RFC 2821, 2001.
Pfitzmann, B., Schunter, M., Waidner, M.: Provably Secure Certified Mail. Research Report, RZ 3207(#93253), IBM, 2000.
OpenBSD security. http://www.openbsd.org/security.html
Ramsdell, B. (ed): S/MIME Version 3 Message Specification. RFC 2633, 1999.
Viega, J., McGraw, G., Mutdosch, T., Felten, E. W.: Statically Scanning Java Code: Finding Security Vulnerabilities. IEEE Software, 17(5), 68–74, 2000.
Wallach, D. S., Appel, A. W., Felten, E. W.: SAFKASI: A Security Mechanism for Language-Based Systems. ACM Trans. on Software Engineering and Methodology, 9(4), 341–378, 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shibayama, E., Hagihara, S., Kobayashi, N., Nishizaki, Sy., Taura, K., Watanabe, T. (2003). AnZenMail: A Secure and Certified E-mail System. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_13
Download citation
DOI: https://doi.org/10.1007/3-540-36532-X_13
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00708-1
Online ISBN: 978-3-540-36532-7
eBook Packages: Springer Book Archive