Sirer, E. G., S. McDirmid, and B. Bershad: 1997, `Kimera: A Java system security architecture.'. Technical report, University of Washington.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....[10] When the following legal Java programs are compiled using a standard compiler like Sun s JDK 1.3 or 1.4 compiler, then the generated bytecode is rejected by most bytecode verifiers including JDK 1.3, JDK 1.4, Netscape 4.73 4.76, Microsoft VM for Java 5.0 and 5. 5 and the Kimera Verifier [14]. void test(boolean b) int i; try i = 1; finally if (b) i = 2; int j = i; class Test2 void test(boolean b) int i; L: try i = 1; if (b) break L; finally if (b) i = 2; i = 3; int j = i; What is the problem In both examples the compiler infers (on the ....

Sirer, E., S. McDirmid, and B. Bershad: 1997, `Kimera: A Java system security architecture'. http://kimera.cs.washington.edu/.

....1 are legal Java programs. When they are compiled using a standard Java compiler like Sun s JDK 1.2 or 1.3 compiler, then the generated bytecode is rejected by any bytecode verifier we tried including JDK 1.2, JDK 1.3, Netscape 4.73 4.76, Microsoft VM for Java 5.0 and 5. 5 and the Kimera Verifier [15]. The problem is that in the eyes of the verifier the variable i is unusable at the end of the method at the return i instruction, whereas according to the JLS [4, 16.2.14] the variable i is definitely assigned after the try finally statement. The two programs Test1 and Test2 cannot be verified, ....

E.G. Sirer, S. McDirmid, and B. Bershad. Kimera: A Java system security architecture. http://kimera.cs.washington.edu/, 1997. 15

....1 are legal Java programs. When they are compiled using a standard Java compiler like Sun s JDK 1.2 or 1.3 compiler, then the generated bytecode is rejected by any bytecode veri er we tried including JDK 1.2, JDK 1.3, Netscape 4.73 4.76, Microsoft VM for Java 5.0 and 5. 5 and the Kimera Veri er [5]. The problem is that in the eyes of the veri er the variable i is unusable at the end of the method at the return i instruction, whereas according to the JLS [2, x16.2.14] the variable i is de nitely assigned after the try nally statement. The two programs Test1 and Test2 cannot be veri ed, ....

E.G. Sirer, S. McDirmid, and B. Bershad. Kimera: A Java system security architecture. http://kimera.cs.washington.edu/, 1997.

....1 are legal Java programs. When they are compiled using a standard Java compiler like Sun s JDK 1.2 or 1.3 compiler, then the generated bytecode is rejected by any bytecode verifier we tried including JDK 1.2, JDK 1.3, Netscape 4.73 4.76, Microsoft VM for Java 5.0 and 5. 5 and the Kimera Verifier [9]. The problem is that in the eyes of the verifier the variable i is unusable at the end of the method at the return i instruction, whereas according to the JLS [3, 16.2.14] the variable i is definitely assigned after the try finally statement. The two programs Test1 and Test2 cannot be verified, ....

E.G. Sirer, S. McDirmid, and B. Bershad. Kimera: A Java system security architecture. http://kimera.cs.washington.edu/, 1997.

.... that our mathematical definition of the semantics of Java yields a complete model which is falsifiable by mental or machine experiments, in the sense of Popper [30] and thus complements and enhances purely experimental studies of Java and its implementations (see for example the Kimera project [34]) Our definition provides a basis for a machine and system independent mathematical analysis of the behavior of Java programs. As illustration we cite here some examples of theorems we can formulate and prove in rigorous mathematical terms for our models of Java; we hope to publish these and ....

E.G. Sirer, S. McDirmid, and B. Bershad. Kimera: A Java system security architecture. Web pages at: http://www.kimera.cs.washington.edu/, 1997.

....specific functionality, like identifying the object accessing a resource. If the mecha 1 The verification of this requires a formal description of the properties of the application and formal program verification. This is a difficult task and therefore seldomly done for today s software. See [24, 28, 29] for first steps in this direction concerning the Java Bytecode. nism s implementation is not safe, there is no guaranty that the identification returned is the correct one. The safety and security properties of a mobile agent system or one of its subcomponents can be divided into several ....

....introduce a security problem in systems using Java. Even with the new and more flexible Java security model [13] there remain many security problems a mobile agent system has to solve by providing it s own security architecture. There is more ongoing research to improve Java s security properties [28], in particular in the mobile code scenario [33] 5 HTTP Server Security Basically HTTP servers make the data contained in local files available to remote users. Remote users access the server and the server s data through the HTTP protocol, which provides different requests for different actions ....

Sirer E.G., McDirmid S., Bredshad B., Kimera: A Java System Security Architecture, http://kimera.cs.washington.edu/

....by the programmer. As predicted by our mathematical model for Java, different implementations (e.g. the JDK 1.1) deadlock. 6 Discussion and Proposal of Solution Mostly the analysis of Java is concentrated on finding security errors. Work in this area can be classified as experimental, for instance [9,10], or theoretical, for instance [1,11] To simplify the formal analysis, none of these theoretical studies does care about initialization and as a consequence none of them did detect Java s initialization problems. In their descriptions of defensive JVMs Bertelsen [2] and Cohen [5] noticed the ....

E.G. Sirer, S. McDirmid, and B. Bershad. Kimera: A Java system security architecture. Web pages at: http://www.kimera.cs.washington.edu/, 1997.

No context found.

Sirer, E. G., S. McDirmid, and B. Bershad: 1997, `Kimera: A Java system security architecture.'. Technical report, University of Washington.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC