Skip to main content
SpringerLink
Log in

On-Device Control Flow Verification for Java Programs

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6542))

Included in the following conference series:

Abstract

While mobile devices have become ubiquitous and generally multi-application capable, their operating systems provide few high level mechanisms to protect services offered by application vendors against potentially hostile applications coexisting on the device. In this paper, we tackle the issue of controlling application interactions including collusion in Java-based systems running on open, constrained devices such as smart cards or mobile phones. We present a model specially designed to be embedded in constrained devices to verify on-device at loading-time that interactions between applications abide by the security policies of each involved application without resulting in run-time computation overheads; this model deals with application (un)installations and policy changes in an incremental fashion. We sketch the application of our approach and its security enhancements on a multi-application use case for GlobalPlatform/Java Card smart cards.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bieber, P., Cazin, J., Wiels, V., Zanon, G., El-Marouani, A., Girard, P., Lanet, J.L.: The PACAP Prototype: A Tool for Detecting Java Card Illegal Flow (chapter 3). In: Attali, I., Jensen, T. (eds.) JavaCard 2000. LNCS, vol. 2041, pp. 25–37. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  2. Ghindici, D., Simplot-Ryl, I.: On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards. In: Grimaud, G., Standaert, F.X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 32–47. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  3. Yoshioka, N., Washizaki, H., Maruyama, K.: A survey on security patterns. Progress in Informatics (5), 35–47 (2008)

    Google Scholar 

  4. Gurov, D., Huisman, M., Sprenger, C.: Compositional verification of sequential programs with procedures. Information and Computation 206(7), 840–868 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  5. Huisman, M., Gurov, D., Sprenger, C., Chugunov, G.: Checking absence of illicit applet interactions, a case study. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 84–98. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  6. Barthe, G., Gurov, D., Huisman, M.: Compositional verification of secure applet interactions. In: Kutsche, R.-D., Weber, H. (eds.) FASE 2002. LNCS, vol. 2306, pp. 15–32. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  7. Besson, F., Blanc, T., Fournet, C., Gordon, A.D.: From stack inspection to access control: a security analysis for libraries. In: Proceedings of the 17th workshop on Computer Security Foundations (CSFW 2004), p. 61. IEEE Computer Society, Los Alamitos (2004)

    Chapter  Google Scholar 

  8. Sistla, A.P., Venkatakrishnan, V.N., Zhou, M., Branske, H.: CMV: automatic verification of complete mediation for java virtual machines. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS 2008), pp. 100–111. ACM, New York (2008)

    Chapter  Google Scholar 

  9. Leroy, X.: Bytecode verification on Java smart cards. Software – Practice & Experience 32(4), 319–340 (2002)

    Article  MATH  Google Scholar 

  10. Ghindici, D., Grimaud, G., Simplot-Ryl, I.: An Information Flow Verifier for Small Embedded Systems. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 189–201. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  11. Necula, G.C.: Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1997, pp. 106–119. ACM, New York (1997)

    Google Scholar 

  12. Bieber, P., Cazin, J., Girard, P., Lanet, J.L., Wiels, V., Zanon, G.: Checking Secure Interactions of Smart Card Applets: extended version. Journal of Computer Security 10, 369–398 (2002)

    Article  Google Scholar 

  13. Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I.: Security-by-contract: Toward a semantics for digital signatures on mobile code. In: López, J., Samarati, P., Ferrer, J.L. (eds.) EuroPKI 2007. LNCS, vol. 4582, pp. 297–312. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Dragoni, N., Massacci, F., Schaefer, C., Walter, T., Vetillard, E.: A Security-by-Contract Architecture for Pervasive Services. In: SECPerU, pp. 49–54 (2007)

    Google Scholar 

  15. Ion, I., Dragovic, B., Crispo, B.: Extending the Java Virtual Machine to Enforce Fine-Grained Security Policies in Mobile Devices. In: ACSAC, pp. 233–242 (2007)

    Google Scholar 

  16. Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. In: Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC 2009), pp. 340–349. IEEE Computer Society, Los Alamitos (2009)

    Google Scholar 

  17. Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: CCS 2009, Chicago, IL, USA, pp. 235–245. ACM, New York (November 2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Univ Lille Nord de France, INRIA Lille – Nord Europe, CNRS UMR 8022 LIFL, France

    Arnaud Fontaine, Samuel Hym & Isabelle Simplot-Ryl

Authors
  1. Arnaud Fontaine
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Samuel Hym
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Isabelle Simplot-Ryl
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Google Inc., 1288 Pear Ave, 94043, Mountain View, CA, USA

    Úlfar Erlingsson

  2. Computer Science Department, University of Twente, Drienerlolaan 5, 7522 NB, Enschede, The Netherlands

    Roel Wieringa

  3. Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Den Dolech 2, 5612 AZ, Eindhoven, The Netherlands

    Nicola Zannone

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fontaine, A., Hym, S., Simplot-Ryl, I. (2011). On-Device Control Flow Verification for Java Programs. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-19125-1_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19124-4

  • Online ISBN: 978-3-642-19125-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation