X. Leroy and F. Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming -- Security issues for Mobile and Distributed Objects, volume 1603 of LNCS, pages 147--182. Springer-Verlag, 1999.
.... Delta i s could be reflected into the language itself, yielding a dynamic system in which a principal could grant or revoke capabilities to other agents at run time. 5 Related Work Perhaps the closest work to ours is Leroy and Rouaix's investigation into the safety properties of typed applets [9]. They use a calculus augmented with state in order to prove theorems similar to Theorem 2.16. They too distinguish between the execution environment code and applet code, similar to our use of principals, but they consider only the two agent case and take a less syntactic approach. There has ....
Xavier Leroy and Francois Rouaix. Security properties of typed applets. In Principles of Programming Languages, January 1998.
....of a system that runs S[e] in a more trusted environment, as illustrated in Section 3. Rather, it describes a sandbox policy with maximal permissions S. Such a policy can be enforced without the complications of dynamic stack inspections, using the constant set of permissions S or relying on types [18]. Next, we focus on trusted code that discards any untrusted result. With this discipline, applet code framed with S should not affect any code protected by permissions beyond S. The next theorem formalizes this reasonable property. Its statement relies on a partial erasure operator: Partial ....
X. Leroy and F. Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming -- Security issues for Mobile and Distributed Objects, volume 1603 of LNCS, pages 147--
....does not apply when linking with third party libraries. The only widely used method of ensuring safe linking, and the method used by Java, is type checking the interfaces between program fragments. Recent research has formally shown that strongly typed mobile code has desirable security properties [22] and provides ways of ensuring that type safety is preserved by the linking process [23]. Although type checking is useful in ensuring that programs and libraries at least agree on the types they are using, it falls far short of guaranteeing that code will behave in the expected manner. Stronger ....
Leroy X, Rouaix F. Security properties of typed applets. Conference Record of POPL '98: The 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 1998. ACM Press: New York, NY, 1998; 391--403.
....does not apply when linking with third party libraries. The only widely used method of ensuring safe linking, and the method used by Java, is type checking the interfaces between program fragments. Recent research has formally shown that strongly typed mobile code has desirable security properties [LR98] and provided ways of ensuring that type safety is preserved by the linking process [GM99]. Still, though type checking is useful in ensuring that programs and libraries at least agree on the types they are using, it falls far short of guaranteeing that code will behave in the expected manner. ....
Xavier Leroy and Francois Rouaix. Security properties of typed applets. In Conference Record of POPL '98: The 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 391--403, 19--21 January 1998.
....of interest for a language and then attempt to introduce functionality while preserving them. This seems more promising than treating security afterward. Also, one cannot overemphasize the need for a formal semantics. It is essential for proving soundness and basic safety properties like those in [24]. We strongly believe that secure languages should have simple, compositional logics for reasoning about the security properties of interest. Compilers should be able to incorporate decision procedures for these logics as static analyses that programmers can easily understand. For instance, the ....
X. Leroy and F. Rouaix. Security properties of typed applets. In Proceedings 25th Symposium on Principles of Programming Languages, pages 391-403, San Diego, CA, January 1998.
.... annotated operational semantics (developing a satisfactory denotational semantics of box, dealing with name creation, boxes, and untyped components, would be a challenging research problem in its own right). In a sequential setting annotated operational semantics have been used by [38] see also [17]. The definition of the coloured semantics for box seems unproblematic, but in general one might validate an annotated semantics by relating it to a lower level execution model (as mentioned below). Information flow type systems: The type system differs from previous work [34, 35, 21] primarily ....
Xavier Leroy and Francois Rouaix. Security properties of typed applets. In Conference Record of POPL '98: The 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 391-403, San Diego, California, 19-21 January 1998.
....means for controlling access to objects. The first is access modifiers such as private, protected, and public, to restrict the visibility of attributes and classes. The second is type abstraction; abstract types and subsumption can be used to limit the operations that can be invoked on an object [20, 21]. This second approach is not applicable in languages such as Java in which the run time type of objects can be retrieved by the program (e.g. through the instanceof operator or reflection). Dynamic access control. Java provides dynamic access control mechanisms based on call stack inspection to ....
....to protect the information content of objects, as shown by the class signing example of Section 3, rather we control the flow of language level objects, or more precisely, object references. Further, confined types are as much about integrity as secrecy. The elegant paper of Leroy and Rouaix [20] has similar goals as the work presented in this paper. The authors formalize the security properties of applets written in a strongly typed programming language. They propose a technique based on type abstraction to guarantee that certain locations in the store will not be written by untrusted ....
Leroy X, Rouaix F. Security properties of typed applets. Conference Record of POPL '98: The 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1998; 391-403.
....system that runs S[e] in a more trusted environment, as illustrated in Section 3. Rather, it describes a sandbox policy with maximal permissions S. Such a policy can be enforced without the complications of dynamic stack inspections, using the constant set of permissions S or relying on types [13]. Next, we focus on trusted code that discards any untrusted result. With this discipline, applet code framed with S should not affect any code protected by permissions beyond S. The next theorem formalizes this reasonable property. Its statement relies on a partial erasure operator: Partial ....
X. Leroy and F. Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming -- Security issues for Mobile and Distributed Objects, volume 1603 of Lecture Notes in Computer Science, pages 147--182. Springer-Verlag, 1999.
....but also on the proper implementation of the API given to the applet. The majority of known applet based attacks exploit bugs in the API in a type safe way, rather than breaking type safety through bugs in the verifier. Verification of the API is a promising area of application for formal methods [32, 24]. Acknowledgements We thank Alessandro Coglio, Ludovic Henrio, and the anonymous referees for their helpful comments and suggestions for improvements. ....
Leroy, X. and F. Rouaix: 1999, `Security properties of typed applets'. In: J. Vitek and C. Jensen (eds.): Secure Internet Programming -- Security issues for Mobile and Distributed Objects, Vol. 1603 of Lecture Notes in Computer Science. Springer-Verlag, pp. 147--182.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming -- Security issues for Mobile and Distributed Objects, volume 1603 of LNCS, pages 147--182. Springer-Verlag, 1999.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Proceedings of POPL, 1998.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Proceedings of POPL, 1998.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Proceedings of POPL, 1998.
No context found.
Leroy, X. & Rouaix, F. (1998), Security properties of typed applets, in `POPL '98---25th Annual ACM Symposium on Principles of Programming Languages', SIGPLAN Notices, pp. 391--403.
No context found.
Xavier Leroy and Francois Rouaix. Security properties of typed applets. In Twenty-Fifth ACM Symposium on Principles of Programming Languages, pages 391--403, San Diego, January 1998.
No context found.
Xavier Leroy and Francois Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming -- Security issues for Mobile and Distributed Objects, volume 1603 of Lecture Notes in Computer Science, pages 147--182. Springer-Verlag, 1999.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Proceedings of POPL, 1998.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Proceedings of POPL, 1998.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Proc. of 25th ACM Symposium on Principles of Programming Languages, pages 391--403. ACM Press, 1998.
No context found.
X. Leroy and F. Rouaix, "Security properties of typed applets," in Secure Internet Programming. New York: Springer-Verlag, 1999, vol. 1603.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Proceedings of POPL, 1998.
No context found.
Xavier Leroy and Francois Rouaix. Security Properties of Typed Applets. In Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL'98), pages 391-403, January 1998.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Twenty-fifth Annual ACM Symp. on Principles of Prog. Languages, pages 391--403, New York, Jan 1998. ACM Press.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In J. Vitek and C. Jensen, editors, Secure Internet Programming -- Security issues for Mobile and Distributed Objects, volume 1603 of Lecture Notes in Computer Science, pages 147--182. Springer, 1999.
No context found.
X. Leroy and F. Rouaix. Security properties of typed applets. In Conference Record of POPL '98: The 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 391-403, San Diego, California, 19-21 Jan. 1998.