Abstract
We propose a flexible way for the users of software components to specify their security policies, and we give digitally signed certificates more expressive power at link time. Secure linking (SL) is more flexible than type checking or other static checking mechanisms because it gives users the freedom to specify security policies at link time, and it is more expressive than simple digital signing because it lets signers restrict the scope of the guarantees their certificates make. SL does not prevent bugs in a software component, but it gives the signers of software components finer-grained control over the meaning of their certificates. We implemented a logic-based framework for SL, consisting of the SL logic, a proof verifier, a tactical prover, and user interface languages. The framework encompasses existing constraint languages such as OCL and JML, so security policies and property statements of software components can be written easily in those popular languages. In this paper, we explain the linking protocol of SL, the SL framework, and the user interface languages extended with OCL and JML. We also discuss the strengths of the proposed linking protocol for developing practical software systems.
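The abstract names four moving parts of the linking protocol: a signed certificate whose guarantee has a declared scope, a user policy supplied at link time, a tactical prover that derives the policy from the certified properties, and a small proof verifier that re-checks the derivation. The following is an added example, not the paper's framework or code, that models that exchange with deliberate simplifications: property statements are atoms over Horn clauses rather than OCL/JML, the digital signature is stood in for by an HMAC with a shared key, and every name and sample value (`net.parser`, `build-1.2`, the property atoms) is constructed for illustration.

```python
"""Illustrative secure-linking check (added example, not the paper's framework).
A signed certificate of behavioral properties is checked against a user's
link-time policy: signature, then scope, then a proof that the certified
clauses entail the policy, with the proof re-verified independently.
HMAC-SHA256 stands in for a public-key signature; all sample data is constructed.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# A clause (premises, conclusion); empty premises make it a plain fact.
Clause = tuple[frozenset[str], str]

@dataclass
class Certificate:
    component: str
    scope: str             # the build the signer vouches for (signed as well)
    clauses: list[Clause]  # property statements the signer is willing to certify

    def payload(self) -> bytes:
        """Canonical signed bytes; scope is included, so changing the scope of the
        guarantee after signing invalidates the signature."""
        return json.dumps(
            {"component": self.component, "scope": self.scope,
             "clauses": [[sorted(p), c] for p, c in self.clauses]},
            sort_keys=True).encode()

def sign(cert: Certificate, key: bytes) -> str:
    # Assumption of this example: a shared-key MAC plays the role of the signature.
    return hmac.new(key, cert.payload(), hashlib.sha256).hexdigest()

def signature_ok(cert: Certificate, sig: str, key: bytes) -> bool:
    return hmac.compare_digest(sign(cert, key), sig)

def prove(clauses: list[Clause], goals: list[str]):
    """Tactical prover: forward chaining over the certified clauses.
    Returns the proof as a list of (clause index, derived atom), or None."""
    known: set[str] = set()
    steps: list[tuple[int, str]] = []
    changed = True
    while changed:
        changed = False
        for i, (premises, conclusion) in enumerate(clauses):
            if conclusion not in known and premises <= known:
                known.add(conclusion)
                steps.append((i, conclusion))
                changed = True
    return steps if all(g in known for g in goals) else None

def check_proof(clauses: list[Clause], goals: list[str],
                steps: list[tuple[int, str]]) -> bool:
    """Proof verifier, independent of the prover: it re-derives every step from
    the certificate's clauses, so a proof that skips a step is rejected."""
    known: set[str] = set()
    for i, atom in steps:
        if not 0 <= i < len(clauses):
            return False
        premises, conclusion = clauses[i]
        if conclusion != atom or not premises <= known:
            return False
        known.add(atom)
    return all(g in known for g in goals)

def secure_link(cert: Certificate, sig: str, key: bytes,
                policy: list[str], expected_scope: str):
    """Link-time protocol: signature, scope, then proof of the user's policy."""
    if not signature_ok(cert, sig, key):
        return (False, "bad signature")
    if cert.scope != expected_scope:
        return (False, "certificate scope does not cover this build")
    proof = prove(cert.clauses, policy)
    if proof is None:
        return (False, "policy not entailed by certificate")
    if not check_proof(cert.clauses, policy, proof):
        return (False, "proof rejected by verifier")
    return (True, proof)

# Constructed sample: a parser component and the properties its signer certifies.
KEY = b"constructed-demo-key"
CERT = Certificate(
    component="net.parser",
    scope="build-1.2",
    clauses=[
        (frozenset(), "input_length_checked"),
        (frozenset(), "no_dynamic_code_loading"),
        (frozenset({"input_length_checked"}), "no_buffer_overflow"),
        (frozenset({"no_buffer_overflow", "no_dynamic_code_loading"}), "safe_to_link"),
    ],
)
SIG = sign(CERT, KEY)

if __name__ == "__main__":
    print(secure_link(CERT, SIG, KEY, ["safe_to_link"], "build-1.2"))
    print(secure_link(CERT, SIG, KEY, ["no_network_access"], "build-1.2"))
    print(secure_link(CERT, SIG, KEY, ["safe_to_link"], "build-2.0"))
```

The split between `prove` and `check_proof` is the point of the design: the prover can be as clever as it likes, but only the small verifier is trusted at link time, and the scope field travelling inside the signed payload is what lets a signer limit a certificate to one build rather than vouching for every future version.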
Kim, H., Lee, E. Secure component composition with modular behavioral properties. J Supercomput 70, 3–19 (2014). https://doi.org/10.1007/s11227-014-1283-x