Kozen, D. Language-Based Security, vol. 1672. Springer-Verlag, September 1999.
....DHM M if there is a run of M s.t. i is compatible with the i-th label of the I/O projection of . 3 Another example In this section we give another example inspired by the technique of code instrumentation, a traditional technique in the field of security problems for mobile computations (see [7] for a survey). Code instrumentation refers to the process of altering (instrumenting) machine code so that critical operations can be monitored during execution. This is done in such a way that the functional behavior of the instrumented code is the same as that of the original uninstrumented code, provided ....
D. Kozen, Language-based security, In MFCS'99, Springer LNCS 1672, 1999.
....[49] [21] [15] [22] [37] [33] Rationale Strongly typed languages help reduce errors in programs at compile time. Moreover, type safety is often considered to be sufficient for ensuring the minimum nontrivial level of program safety, i.e. control flow safety, memory safety, and stack safety [24]. Thus it is strongly encouraged to use a type safe or strongly typed language, enhancing the integrity and security of software. Specifics Implicit type conversions must not be allowed. All data types should be statically analysable before program execution. Explicit type conversion rules ....
D. Kozen, Language Based Security, Technical Report TR99-1751, Cornell University, 1999.
.... representation is high level in that it contains all the source level semantics of Java programs, including class and method descriptions, so that it is easier to verify the type safety of code (which is considered to be sufficient for ensuring the minimum nontrivial level of program safety [11]). It is also more compact than low level binary, meaning improved network utilization if used. Having received the high level code of a program, the Safety verifier automatically extends each instruction and operand(s) with pre- and post-conditions, forming a variant of the Hoare Triple [9] ....
D. Kozen, Language Based Security, Technical Report TR99-1751, Cornell University, 1999.
.... hardware memory manager: Memory Management Unit (MMU), as in the classical systems Unix, Linux or Windows; static: code transformation process: Software Fault Isolation (SFI) [43]. The second technique is based on type theory with a language-oriented approach [23]: at the level of bytecode (the Java verifier [27]), of typed assembly (with the work around TAL: Typed Assembly Language [33]) or of a typed common intermediate code with the FAÇADE language [18]. Note that TAL and FAÇADE draw on and reify the more general work of Necula and Lee on code ....
KOZEN, D. Language-Based Security. In Conf. Mathematical Foundations of Computer Science (MFCS'99) (September 1999), M. Kutylowski, L. Pacholski, and T. Wierzbicki, Eds., vol. 1676 of LNCS, Springer-Verlag, pp. 284--298. http://www.cs.cornell.edu/kozen/papers/lbs.ps.
....work, and section 5 concludes. 2. LANGUAGE BASED SECURITY AND MOBILE CODE Language based techniques for expressing and checking security properties have been gaining importance as a viable and effective way to write secure programs. The case for language based security has been made elsewhere [15][19]; here we simply give a broad overview of the major techniques and summarize their major advantages. A safe programming language provides certain guarantees about the execution of programs written in that language [16][17]. These include at least the following: memory safety the program ....
....in practice. Lack of safety in programming languages is a major source of security violations in computer systems. A survey of various well known bug tracking resources shows that almost half of all exploited vulnerabilities in software can be blamed on buffer overruns [18]. The language-based [15][19] approach to security has been variously defined as a set of techniques based on programming language theory and implementation, brought to bear on the security question, and leveraging program analysis and program rewriting to enforce security policies. These techniques can be thought ....
D. Kozen. Language-based security. In Mathematical Foundations of Computer Science, pages 284--298, 1999.
....that permits a high precision analysis. Another worthwhile direction for future work is adapting techniques for the security of machine code to information flow: for example, typed assembly languages [28] that guarantee machine code does not violate type safety, and proof-carrying code [30] [121], where a proof that the program satisfies a security policy is distributed with the code and is checked before execution. C. Abstraction Violating Attacks It is inevitable that the model of the attacker is an abstraction that removes possibly important details about the real attacker. This ....
D. Kozen, "Language-based security," in Proc. Mathematical Foundations of Computer Science. 1999, vol. 1672 of LNCS, pp. 284--298, Springer-Verlag.
....systems, or considered not reasonable in the context of modern programming languages. Examples include requirements on the use of a particular character set [USDoD1978] and improvements in wording or program presentation (of Ada83) [USDoD1990]. flow safety, memory safety, and stack safety [Kozen1999]. Thus it is strongly encouraged to use a type safe or strongly typed language, enhancing the integrity and security of software. Specifics Implicit type conversions must not be allowed. All data types should be statically analysable before program execution. Explicit type conversion rules ....
D. Kozen, Language Based Security, Technical Report TR99-1751, Cornell University, 1999.
.... values are used according to their definition, automatic memory management to prevent errors such as deleting a live object, and memory protection to prevent array and stack operations from overflowing [12]. While safety is not the same thing as security, it is an essential foundation for the latter [13]. 2.2. Information flow control Over the last 20 years an abundant body of work has been devoted to information flow control. Multilevel security policies [14], originally conceived for military applications, are based on the notion that all data is labeled with security levels and that principals ....
....rely on explicit proofs but rather on strong typing provide a more lightweight alternative to PCC. In type theoretic solutions the security properties that can be specified over components are determined by the information provided by the type system. Essential properties include language safety [13] as enforced by the byte code verifier in Java [12] or by Typed Assembly Language [29, 30]. 2.5. Summary While information flow policies are too restrictive, neither discretionary access control nor certified code directly provides a solution. Access control mechanisms dependent on dynamic checks ....
Kozen D. Language-based security. Technical Report TR99-1751, Cornell University, Computer Science, 1999.
....concrete examples, and discusses its relations with other frameworks. Finally, chapter 5 summarizes and concludes. 2. Related Works Much research is under way to provide machine checkable mechanisms that guarantee the safety of external code. Leroy's survey paper [Ler98] and Kozen's [Koz99] describe various methods to guarantee correctness and thus safety. Also, there are many static analysis results which can be used for the verification of code safety. Section 2.1 surveys the previously known results. Section 2.2 describes the known facts about the type system and the ....
Dexter Kozen. Language-based security. Technical report, Cornell University, 1999.
....software benefits from the research done in the field of mobile code. In this field various approaches were recently developed in order to protect host computers against attacks by mobile programs. These methods mainly focus on control flow safety, memory safety, and stack safety [20]. Besides isolating security critical operations in a protected system kernel (e.g. [2]) and using cryptography for the transit of code, code instrumentation has gained attention in recent years. Here, machine code is altered in a way that critical operations can be analyzed before or monitored ....
....analyses. The program user utilizes this information in order to check the code for compliance with his security policies. An example is the Java byte code verifier, which checks Java byte code for type correctness and other security-related properties. Another method is proof carrying code (cf. [20]), which enables formal program verification. The program developer annotates the code with a formal specification (e.g. pre- and postconditions of functions or loop invariants) and hands this information over to the user, who proves the code formally. Examples of utilizing proof carrying code are ....
D. Kozen. Language-Based Security. In M. Kutylowski, L. Pacholski, and T. Wierzbicki, editors, Proc. Conference on Mathematical Foundations of Computer Science (MFCS'99), LNCS 1672, pages 284--298. Springer-Verlag, 1999.
....the program obeys certain properties (for example, a safety policy). The resulting proof-carrying code is sent to a remote machine, which can check the proof locally against the code, to make sure that it obeys the safety policy. This has been pursued further by Appel and others [2, 24]. Kozen [18] has developed a very lightweight version of proof carrying code. He has built a compiler that includes hints to the structure of the compiled program in the code. A receiver of such instrumented code can verify the structural hints and thus obtain confidence that the program preserves memory ....
D. Kozen. Language-based security. Technical Report TR99-1751, Cornell University, Computer Science, June 15, 1999.
Kozen, D. Language-Based Security, vol. 1672. Springer-Verlag, September 1999.
D. Kozen. Language-based security. In Mathematical Foundations of Computer Science, pages 284--298, 1999.
Dexter Kozen. Language-Based Security. In Mathematical Foundations of Computer Science, pages 284--298, 1999.
D. Kozen. Language based security. In Proceedings of MFCS'99, number 1672 in Lecture Notes in Computer Science, pages 284--298, 1999.
D. Kozen. Language-based security. In Proc. Mathematical Foundations of Computer Science, volume 1672 of LNCS, pages 284--298. Springer-Verlag, September 1999.
D. Kozen, "Language-based security," in Proc. Mathematical Foundations of Computer Science. Sept. 1999, vol. 1672 of LNCS, pp. 284-- 298, Springer-Verlag.
D. Kozen. Language based security. In Proc. of MFCS'99, LNCS 1672, 284--298. Springer 1999.