Security and Dynamic Class Loading in Java: A Formalization
نویسندگان
چکیده
We give a formal specification of the dynamic loading of classes in the Java Virtual Machine (JVM) and of the visibility of members of the loaded classes. This specification is obtained by identifying the part of the run-time state of the JVM that is relevant for dynamic loading and visibility and consists of a set of inference rules defining abstract operations for loading, linking and verification of classes. The formalisation of visibility includes an axiomatisation of the rules for membership of a class under inheritance, and of accessibility of a member in the presence of accessibility modifiers such as private and protected. The contribution of the formalisation is twofold. First, it provides a clear and concise description of the loading process and the rules for member visibility compared to the informal definitions of the Java language and the JVM. Second, it is sufficiently simple to allow calculations of the effects of load operations in the JVM.
منابع مشابه
Aspects and Class-based Security
Various aspect-oriented languages, e.g., AspectJ, AspectWerkz, and JAsCo, have been proposed as extensions to one particular object-oriented base language, namely Java. But these extensions do not fully take the interactions with the Java 2 security model into account. In particular, the implementation technique of advice weaving gives rise to two security issues: the erroneous assignment of as...
متن کاملExtending eclipse RCP with dynamic update of active plug-ins
While the dynamic linking mechanism of modern programming languages, such as Java, allows loading of classes dynamically, it does not allow class reloading. Hence, dynamic linking facilitates development of component platforms, such as eclipse RCP, which supports dynamic loading but not dynamic updates of components, since this requires reloading. This paper presents an approach that enhances e...
متن کاملImplementing Dynamic Language Features in Java Using Dynamic Code Generation
Compared to dynamic object-oriented languages like CommonLisp or Smalltalk, Java has a fairly simple and restrictive object and type system. Some of the key differences between Java and these other languages is that they offer structural conformance, automatic delegation, and dynamic mixins. When such constructs are needed in a language like Java, they are usually expressed in terms of standard...
متن کاملSecurity Risks in Java-based Mobile Code Systems
Java is the predominant language for mobile agent systems, both for implementing mobile agent execution environments and for writing mobile agent applications. This is due to inherent support for code mobility by means of dynamic class loading and separable class name spaces, as well as a number of security properties, such as language safety and access control by means of stack introspection. ...
متن کامل