Abstract
We present an approach that enables end users to prove security properties of Java bytecode by statically analysing the code itself, thus eliminating the run-time check of access permissions. The approach combines two well-known techniques: abstract interpretation and model checking. By means of an operational abstract semantics of the bytecode, we build a finite transition system that embodies security information and abstracts from actual values. We then model check it against formulae expressing security properties, using the SMV model checker. A main point of the paper is the definition of the properties that the abstract semantics must satisfy to ensure the absence of security leaks.
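As an added illustration, not the paper's own formalisation (which is not reproduced on this page), the following Python sketch shows the idea stated in the abstract: a toy stack bytecode is interpreted over security levels instead of concrete values, the reachable abstract states form a finite transition system, and a safety property is checked over every state. The instruction set, the declared variable levels and the never-lowered branch context are assumptions of this example, and the property is checked by a direct reachability search rather than by an SMV run.

```python
# Security levels form a two-point lattice L < H; join is the least upper bound.
L, H = "L", "H"
def join(a, b):
    return H if H in (a, b) else L

def step(prog, state):
    """Abstract semantics of a toy stack bytecode: values are replaced by their
    security level; 'ctx' is the level of the guards the pc depends on."""
    pc, stack, env, ctx = state
    op, *args = prog[pc]
    if op == "push":                              # constant with a given level
        return [(pc + 1, stack + (args[0],), env, ctx)]
    if op == "load":                              # copy a variable's level
        return [(pc + 1, stack + (dict(env)[args[0]],), env, ctx)]
    if op == "store":                             # stored level absorbs ctx
        new_env = dict(env)
        new_env[args[0]] = join(stack[-1], ctx)
        return [(pc + 1, stack[:-1], tuple(sorted(new_env.items())), ctx)]
    if op == "ifeq":                              # branch: explore both targets
        c = join(ctx, stack[-1])                  # ctx is never lowered again
        return [(pc + 1, stack[:-1], env, c),     # (sound but coarse assumption)
                (args[0], stack[:-1], env, c)]
    return []                                     # "return": no successor

def reachable(prog, levels):
    """Enumerate the finite abstract transition system from the entry state."""
    init = (0, (), tuple(sorted(levels.items())), L)
    seen, todo = {init}, [init]
    while todo:
        for t in step(prog, todo.pop()):
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen

def leaks(prog, levels):
    """Invariant over all reachable states: no store into a low variable may
    depend on high data, directly (stack) or via control dependence (ctx)."""
    bad = set()
    for pc, stack, env, ctx in reachable(prog, levels):
        op, *args = prog[pc]
        if op == "store" and levels[args[0]] == L and join(stack[-1], ctx) == H:
            bad.add(pc)
    return sorted(bad)

# Constructed programs: 'secret' and 'tmp' are high, 'out' is low-observable.
LEVELS = {"secret": H, "tmp": H, "out": L}
SAFE = [("load", "secret"), ("store", "tmp"), ("push", L), ("store", "out"), ("return",)]
EXPLICIT = [("load", "secret"), ("store", "out"), ("return",)]
IMPLICIT = [("load", "secret"), ("ifeq", 4), ("push", L), ("store", "out"), ("return",)]
```

`leaks` reports the offending store instructions: none for SAFE, the direct copy in EXPLICIT, and the store guarded by a high branch in IMPLICIT.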
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Bernardeschi, C., De Francesco, N. (2002). Combining Abstract Interpretation and Model Checking for Analysing Security Properties of Java Bytecode. In: Cortesi, A. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2002. Lecture Notes in Computer Science, vol 2294. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47813-2_1
DOI: https://doi.org/10.1007/3-540-47813-2_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43631-7
Online ISBN: 978-3-540-47813-3
eBook Packages: Springer Book Archive