Abstract
Computer security [16,5] is usually defined as ensuring integrity, confidentiality, and availability requirements even in the presence of a determined, malicious opponent. Sensitive data must be modified and consulted by authorized users only (integrity, confidentiality); moreover, the system should resist “denial of service” attacks that attempt to render it unusable (availability). In more colorful language, computer security has been described as “programming Satan’s computer” [6]: the implementor must assume that every weakness that can be exploited will be.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Martín Abadi. Secrecy by typing in security protocols. Journal of the ACM, 46(5):749–786, 1999.
Martín Abadi, Anindya Banerjee, Nevin Heintze, and Jon G. Riecke. A core calculus of dependency. In 26th symposium Principles of Programming Languages, pages 147–160. ACM Press, 1999.
Martín Abadi and Bruno Blanchet. Secrecy types for asymmetric communication. In Furio Honsell and Marino Miculan, editors, Proceedings of the 4th International Conference on Foundations of Software Science and Computation Structures, volume 2030 of Lecture Notes in Computer Science, pages 25–41. Springer-Verlag, 2001.
Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The Spi calculus. Information and Computation, 148(1):1–70, 1999.
Ross Anderson. Security Engineering. John Wiley & Sons, 2001.
Ross Anderson and Roger Needham. Programming Satan’s computer. In Computer Science Today: Recent Trends and Developments, number 1000 in Lecture Notes in Computer Science, pages 426–441. Springer-Verlag, 1995.
Frédéric Besson, Thomas de Grenier de Latour, and Thomas Jensen. Secure calling contexts for stack inspection. In Principles and Practice of Declarative Programming (PPDP 2002), pages 76–87. ACM Press, 2002.
Luca Cardelli. Type systems. In Allen B. Tucker, editor, The Computer Science and Engineering Handbook. CRC Press, 1997.
Denis Caromel, Ludovic Henrio, and Bernard Serpette. Context inference for static analysis of java card object sharing. In Proceedings e-Smart 2001, volume 2140 of Lecture Notes in Computer Science. Springer-Verlag, 2001.
Zhiqun Chen. Java Card Technology for Smart Cards: Architecture and Programmer’s Guide. The Java Series. Addison-Wesley, 2000.
Gennady Chugunov, Lars åAke Fredlund, and Dilian Gurov. Model checking multiapplet Java Card applications. In Smart Card Research and Advanced Applications Conference (CARDIS’02), 2002.
Thomas Colcombet and Pascal Fradet. Enforcing trace properties by program transformation. In 27th symposium Principles of Programming Languages, pages 54–66. ACM Press, 2000.
Karl Crary and JosephC. Vanderwaart. An expressive, scalable type theory for certified code. In International Conference on Functional Programming 2002. ACM Press, 2002.
Damien Deville and Gilles Grimaud. Building an “impossible” verifier on a Java Card. In USENIX Workshop on Industrial Experiences with Systems Software (WIESS’02), 2002.
U. Erlingsson and Fred B. Schneider. IRM enforcement of Java stack inspection. In Symposium on Security and Privacy. IEEE Computer Society Press, 2000.
Morrie Gasser. Building a secure computer system. Van Nostrand Reinhold Co., 1988.
Li Gong. Inside Java 2 platform security: architecture, API design, and implementation. The Java Series. Addison-Wesley, 1999.
James A. Gosling. Java intermediate bytecodes. In Proc. ACM SIGPLAN Workshop on Intermediate Representations, pages 111–118. ACM, 1995.
Pieter H. Hartel and Luc A. V. Moreau. Formalizing the safety of Java, the Java virtual machine and Java Card. ACM Computing Surveys, 33(4):517–558, 2001.
Nevin Heintze and Jon G. Riecke. The SLam calculus: programming with secrecy and integrity. In 25th symposium Principles of Programming Languages, pages 365–377. ACM Press, 1998.
Gregor Kiczales, John Lamping, Anurag Mendhekar, Chris Maeda, Cristina Videira Lopes, Jean-Marc Loingtier, and John Irwin. Aspect-oriented programming. In European Conference on Object-Oriented Programming (ECOOP’97), number 1241 in Lecture Notes in Computer Science. Springer-Verlag, 1997.
Paul C. Kocher. Timing attacks on implementations of Diffe-Hellman, RSA, DSS, and other systems. In Proceedings Crypto’ 96, number 1109 in Lecture Notes in Computer Science, pages 104–113. Springer-Verlag, 1996.
Markus Kuhn. Tamper resistance-a cautionary note. In USENIX Workshop on Electronic Commerce proceedings, pages 1–11, 1996.
Markus Kuhn. Design principles for tamper-resistant smartcard processors. In USENIX Workshop on Smartcard Technology proceedings, 1999.
Xavier Leroy. Java bytecode verification: an overview. In G. Berry, H. Comon, and A. Finkel, editors, Computer Aided Verification, CAV 2001, volume 2102 of Lecture Notes in Computer Science, pages 265–285. Springer-Verlag, 2001.
Xavier Leroy. Bytecode verification for Java smart card. Software Practice & Experience, 32:319–340, 2002.
Xavier Leroy and Franşcois Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming-Security issues for Mobile and Distributed Objects, volume 1603 of Lecture Notes in Computer Science, pages 147–182. Springer-Verlag, 1999.
Tim Lindholm and Frank Yellin. The Java Virtual Machine Specification. The Java Series. Addison-Wesley, 1999. Second edition.
Sergio Loureiro, Laurent Bussard, and Yves Roudier. Extending tamper-proof hardware security to untrusted execution environments. In USENIX Smart Card Research and Advanced Application Conference (CARDIS’02), 2002.
Greg Morrisett, Karl Crary, Neal Glew, and David Walker. Stack-based typed assembly language. Journal of Functional Programming, 12(1):43–88, 2002.
Greg Morrisett, David Walker, Karl Crary, and Neal Glew. From System F to typed assembly language. ACM Transactions on Programming Languages and Systems, 21(3):528–569, 1999.
George C. Necula. Proof-carrying code. In 24th symposium Principles of Programming Languages, pages 106–119. ACM Press, 1997.
George C. Necula and Peter Lee. Safe, untrusted agents using proof-carrying code. In Giovanni Vigna, editor, Mobile Agents and Security, volume 1419 of Lecture Notes in Computer Science, pages 61–91. Springer-Verlag, 1997.
Franşois Pottier and Sylvain Conchon. Information flow inference for free. In International Conference on Functional Programming 2000, pages 46–57. ACM Press, 2000.
Franşois Pottier and Vincent Simonet. Information flow inference for ML. In 29th symposium Principles of Programming Languages, pages 319–330. ACM Press, 2002.
François Pottier, Christian Skalka, and Scott Smith. A systematic approach to static access control. In David Sands, editor, Proceedings of the 10th European Symposium on Programming (ESOP’01), volume 2028 of Lecture Notes in Computer Science, pages 30–45. Springer-Verlag, 2001.
Fred B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security, 2(4), 2000.
Zhong Shao, Bratin Saha, Valery Trifonov, and Nikolaos Papaspyrou. A type system for certified binaries. In 29th symposium Principles of Programming Languages, pages 217–232. ACM Press, 2002.
Sean W. Smith and Steve Weingart. Building a high-performance, programmable secure coprocessor. Technical Report RC 21102, IBM Research, 1998.
Peter Thiemann. Enforcing security properties by type specialization. In European Symposium on Programming 2001, volume 2028 of Lecture Notes in Computer Science. Springer-Verlag, 2001.
Dennis Volpano and Geoffrey Smith. A type-based approach to program security. In Proceedings of TAPSOFT’97, Colloquium on Formal Approaches in Software Engineering, volume 1214 of Lecture Notes in Computer Science, pages 607–621. Springer-Verlag, 1997.
Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):1–21, 1996.
Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review, 27(5):203–216, 1993.
David Walker. A type system for expressive security policies. In 27th symposium Principles of Programming Languages, pages 254–267. ACM Press, 2000.
Dan S. Wallach, Edward W. Felten, and Andrew W. Appel. The security architecture formerly known as stack inspection: A security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology, 9(4), 2000.
Hongwei Xi and Robert Harper. A dependently typed assembly language. In International Conference on Functional Programming’ 01, pages 169–180. ACM Press, 2001.
Hongwei Xi and Frank Pfenning. Eliminating array bound checking through dependent types. In Programming Language Design and Implementation 1998, pages249–257. ACM Press, 1998.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Leroy, X. (2003). Computer Security from a Programming Language and Static Analysis Perspective. In: Degano, P. (eds) Programming Languages and Systems. ESOP 2003. Lecture Notes in Computer Science, vol 2618. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36575-3_1
Download citation
DOI: https://doi.org/10.1007/3-540-36575-3_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00886-6
Online ISBN: 978-3-540-36575-4
eBook Packages: Springer Book Archive