Abstract
This paper formalizes the folklore result that strongly-typed applets are more secure than untyped ones. We formulate and prove several security properties that all well-typed applets possess, and identify sufficient conditions for the applet execution environment to be safe, such as procedural encapsulation, type abstraction, and systematic type-based placement of run-time checks. These results are a first step towards formal techniques for developing and validating safe execution environments for applets.
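The three sufficient conditions named in the abstract (procedural encapsulation, type abstraction, and type-based placement of run-time checks) can be seen concretely in any language whose module system hides representations. The following is an added illustration, not the paper's formal model or its calculus: Rust stands in for the typed applet language, the `sandbox` module plays the execution environment, and the policy prefix, file names and file contents are constructed for the example.

```rust
// Added illustration of the abstract's conditions; not code from the paper.
//
// - type abstraction: `FileCap` has a private field, so applet code outside
//   `sandbox` cannot construct or forge one. The only way to obtain a
//   `FileCap` is `sandbox::open`, which performs the policy check.
// - procedural encapsulation: `sandbox::reader` hands the applet a closure
//   over the capability instead of the path or descriptor it protects.
// - type-based placement of run-time checks: the check sits at the single
//   point where an untrusted `&str` becomes a trusted `FileCap`; functions
//   that take `&FileCap` need no further check because the type already
//   carries the proof that the check happened.

mod sandbox {
    use std::collections::HashMap;

    /// Capability to read one file. The private field makes it unforgeable
    /// from outside this module.
    pub struct FileCap {
        path: String,
    }

    #[derive(Debug, PartialEq)]
    pub enum Denied {
        OutsideSandbox(String),
        Traversal(String),
    }

    /// Constructed policy: applets may only read files under this prefix.
    const ALLOWED_PREFIX: &str = "/sandbox/";

    /// The one trust boundary: untrusted string -> trusted capability.
    pub fn open(path: &str) -> Result<FileCap, Denied> {
        // Reject ".." components before the prefix check so that
        // "/sandbox/../etc/passwd" cannot pass on the prefix alone.
        if path.split('/').any(|component| component == "..") {
            return Err(Denied::Traversal(path.to_string()));
        }
        if !path.starts_with(ALLOWED_PREFIX) {
            return Err(Denied::OutsideSandbox(path.to_string()));
        }
        Ok(FileCap { path: path.to_string() })
    }

    /// Constructed in-memory "file system" so the example runs offline.
    fn fs() -> HashMap<&'static str, &'static str> {
        HashMap::from([
            ("/sandbox/hello.txt", "hello from the sandbox"),
            ("/etc/passwd", "root:x:0:0:root:/root:/bin/sh"),
        ])
    }

    /// Takes a capability, so no policy check is repeated here.
    pub fn read(cap: &FileCap) -> Option<String> {
        fs().get(cap.path.as_str()).map(|s| s.to_string())
    }

    /// Procedural encapsulation: the applet receives a closure and never
    /// sees the path inside the capability.
    pub fn reader(cap: FileCap) -> impl Fn() -> Option<String> {
        move || read(&cap)
    }
}

/// Untrusted applet code: it can only go through the public interface.
/// Returns Ok(Some(contents)), Ok(None) for a permitted but missing file,
/// or Err(Denied) when the policy rejects the path.
pub fn applet_read(path: &str) -> Result<Option<String>, sandbox::Denied> {
    let cap = sandbox::open(path)?;
    let rd = sandbox::reader(cap);
    Ok(rd())
}

fn main() {
    for p in ["/sandbox/hello.txt", "/etc/passwd", "/sandbox/../etc/passwd"] {
        println!("{p}: {:?}", applet_read(p));
    }
}
```

The point of the design is that the applet's type determines where the check goes: a function typed on `&str` must validate, a function typed on `&FileCap` need not, and the compiler refuses any applet that tries to build a `FileCap` by hand. That is the "systematic type-based placement of run-time checks" the abstract refers to, in miniature.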
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
Cite this chapter
Leroy, X., Rouaix, F. (1999). Security Properties of Typed Applets. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_7
DOI: https://doi.org/10.1007/3-540-48749-2_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66130-6
Online ISBN: 978-3-540-48749-4