Lightweight Modeling of Java Virtual Machine Security Constraints
نویسنده
چکیده
The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the component known as the Bytecode Verifier. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of a real world malicious applet is given to demonstrate the efficacy of the approach. This type of analysis represents a significant departure from standard malware detection methods based on signatures or anomaly detection.
منابع مشابه
Comparing Java and .NET security: Lessons learned and missed
Many systems execute untrusted programs in virtual machines (VMs) to mediate their access to system resources. Sun introduced the Java VM in 1995, primarily intended as a lightweight platform for executing untrusted code inside web pages. More recently, Microsoft developed the .NET platform with similar goals. Both platforms share many design and implementation properties, but there are key dif...
متن کاملVerified Java bytecode verification
The bytecode verifier is an important part of Java’s security architecture. This thesis presents a fully formal, executable, and machine checked specification of a representative subset of the Java Virtual Machine and its bytecode verifier together with a proof that the bytecode verifier is safe. The specification consists of an abstract framework for bytecode verification which is instantiated...
متن کاملMagic Potion : A Metalanguage for Incorporating
if your preferred environment requires only a few features from another paradigm, you must typically adopt the whole alien platform to take advantage of them. The alternative of using other languages and tools to implement the features in a way that avoids adding the whole platform is generally at least as difficult. But a more affordable solution is often possible. We used metaprogramming to i...
متن کاملFormal Proof of Smart Card Applets Correctness
The new Gemplus smart card is based on the Java technology, embedding a virtual machine. The security policy uses mechanisms that are based on Java properties. This language provides segregation between applets. But due to the smart card constraints a byte code verifier can not be embedded. Moreover, in order to maximise the number of applets the byte code must be optimised. The security proper...
متن کاملModeling the Java Bytecode Verifier
The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the Bytecode Verifier, a critical component used to verify class semantics before loading is complete. This paper describes a method for representing Java security constraints using the Alloy modeling language. It f...
متن کامل