Taking into account Java’s Security Manager for static verification
Author
Abstract
The verification of Java programs is a difficult task, especially with components like the Security Manager which modify the semantics of the Java Virtual Machine (JVM). To model this invasive behaviour, the Security Manager can be implemented as an aspect component, using AspectJ. In this paper we describe a framework for static verification of Java programs containing AspectJ advices specified with Pipa, and we instantiate it over a case study, the Security Manager. The framework is built around a weakest precondition calculus over Java bytecode using guarded commands. It has an advice weaving semantics which is correct with respect to the AspectJ advice weaving semantics.
Similar resources
Developing a fuzzy group decision making approach for project manager selection considering the static complexity of construction projects
Due to the particular importance of projects in human life and in organizations, proper project management has been always regarded highly by researchers and practitioners. Recent advances in technology and fundamental changes in most scientific areas have affected projects and made their nature and environmental circumstances much more complex than in the past. Fortunately, in recent years, ma...
A UML-based Static Verification Framework for Security
Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In ...
Proof Linking: A Modular Verification Architecture for Mobile Code Systems
This dissertation presents a critical rethinking of the Java bytecode verification architecture from the perspective of a software engineer. In existing commercial implementations of the Java Virtual Machine, there is a tight coupling between the dynamic linking process and the bytecode verifier. This leads to delocalized and interleaving program plans, making the verifier difficult to maintain...
Precise Dynamic Verification of Noninterference
Confidentiality is maybe the most popular security property to be formally or informally verified. Noninterference is a baseline security policy to formalize confidentiality of secret information manipulated by a program. Many static analyses have been developed for the verification of noninterference. In contrast to those static analyses, this paper considers the run-time verificat...
Precise Dynamic Verification of Confidentiality
Confidentiality is maybe the most popular security property to be formally or informally verified. Noninterference is a baseline security policy to formalize confidentiality of secret information manipulated by a program. Many static analyses have been developed for the verification of noninterference. In contrast to those static analyses, this paper considers the run-time verification of the r...