Secure software infrastructure in the internet age

New Generation Computing

Volumn 21, Issue 2, 2003, Pages 87-106

  Shibayama, Etsuya ^a   Yonezawa, Akinori ^b  

^a TOKYO INSTITUTE OF TECHNOLOGY   (Japan)

^b UNIVERSITY OF TOKYO   (Japan)

Author keywords

Internet security; Language based security; Runtime monitoring; Software security; Verification and static analysis

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; COMPUTER SOFTWARE; INTERNET; SYSTEMS ANALYSIS;

INTERNET SECURITY; LANGUAGE-BASED SECURITY; RUNTIME MONITORING; SOFTWARE SECURITY;

SECURITY OF DATA;

EID: 0037238712     PISSN: 02883635     EISSN: None     Source Type: Journal    
DOI: 10.1007/BF03037627     Document Type: Article

References (46)

1. Abadi, M., Gordon, A. D., "A Calculus for Cryptographic Protocols: The Spi Calculus," Information and Computation, 148, 1, pp. 1-70, 1999.
2. Abadi, M., Feigenbaum, J., "Secure Circuit Evaluation: A Protocol Based on Hiding Information from an Oracle," J. of Cryptology, 2, 1, pp. 1-12, 1990.
3. Affeldt, R. and Kobayashi, N., "Formalization and Verification of a Mail Server in Coq," in Proc. of ISSS2002, LNCS, to appear, 2003.
4. Aleph One, "Smashing the Stack for Fun and Profit," Phrack 49, 7, 1996, http://www.phrack.org/leecharch.php?p=49
5. Aucsmith, D., "Tamper Resistant Software: An Implementation," Information Hiding, LNCS 1174, pp. 317-333, 1996.
6. Badger, L., Sterne, D. F., Sherman, D. L. and Walker, K. M., "A Domain and Type Enforcement UNIX Prototype," USENIX Computing Systems, 9, 1, pp. 47-83, 1996.
7. Baratloo, A., Singh, N. and Tsai, T., "Transparent Run-Time Defense against Stack-smashing Attacks," in Proc. of USENIX Annual Conf., 2000.
8. Binder, W., Hulaas, J. and Villazón, A., "Portable Resource Control in Java: The J-SEAL2 Approach," in Proc. of ACM Conf. on Object Oriented Programming Systems Languages and Applications, pp. 139-155, 2001.
9. Burrows, M., Abadi, M. and Needham, R., "A Logic of Authentication," in Proc. of the Royal Society, Series A 426, 233-271, 1989.
10. Clark, D. D., "The Design Philosophy of the DARPA Internet Protocols," in Proc. of SIGCOMM'88, Computer Communication Review, 18, 4, pp. 106-114, 1988.
11. Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S. Grier, A., Wagle, P., Zhang, Q. and Hinton, H., "StackGuard: Automatic Adaptive Detection and Prevention of Buffer-overflow Attacks," in Proc. of 7th USENIX Security Conf., pp. 63-78, 1998.
12. Denning, D. E., "A Lattice Model of Secure Information Flow," Comm. of the ACM, 19, 5, pp. 236-243, 1976.
13. Formal Systems (Europe) Ltd., "FDR2 User Manual," http://www.formal.demon.co.uk/fdr2manual/index.html, 2000.
14. Forrester, J. E. and Miller, B. P., "An Empirical Study of the Robustness of Windows NT Applications Using Random Testing," USENIX Windows Systems Symp., 2000.
15. Gong, L., Mueller, M., Prafullchandra, H. and Schemers, R., "Going beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2," USENIX Symp. on Internet Technologies and Systems, pp. 103-112, 1997.
16. Grothoff, C., Palsberg, J. and Vitek, J., "Encapsulating Objects with Confined Types," in Proc. of ACM Conf. on Object Oriented Programming Systems Languages and Applications, pp. 241-255, 2001.
17. Gutmann, P., "Lessons Learned in Implementing and Deploying Crypto Software," in Proc. of 11th USENIX Security Symp., pp. 315-326, 2002.
18. Havelund, K. and Pressburger, T., "Model Checking Java Programs Using Java PathFinder," Int'l J. on Software Tools for Technology Transfer, 2, 4, pp. 366-381, 1998.
19. Holzmann, G. J., "The Model Checker SPIN," IEEE Trans. on Software Engineering, 23, 5, pp. 279-295, 1997.
20. Heintze, N. and Riecke, J. G., "The SLam Calculus: Programming with Secrecy and Integrity," in Proc. of ACM Symp. on Principles of Programming Languages, pp. 365-377, 1998.
21. Igarashi, A. and Kobayashi, N., "Resource Usage Analysis," in Proc. of ACM Symp. on Principles of Programming Languages, pp. 331-342, 2001.
22. Kato, K. and Oyama, Y., "Software Pot: An Encapsulated Transferable File System for Secure Software Circulation," in Proc. of ISSS2002, LNCS, to appear, 2003.
23. Kobayashi, N., "A Partially Deadlock-free Typed Process Calculus," ACM Trans. on Programming Languages and Systems, 20, 2, pp. 436-482, 1998.
24. Leroy, X., "Java Bytecode Verication: An Overview," Int'l. Conf. on Computer Aided Verication, LNCS 2001, pp. 265-285, 2001.
25. Myers, A. C., "JFlow: Practical Mostly-static Information Flow Control," in Proc. of ACM Symp. on Principles of Programming Languages, pp. 228-241, 1999.
26. Miller, B. P., Fredriksen, L. and So, B., "An Empirical Study of the Reliability of UNIX Utilities," Comm. of the ACM, 33, 12, pp. 32-44, 1990.
27. Mitchell, J. C., "Programming Language Methods in Computer Security," in Proc. of ACM Symp. on Principles of Programming Languages, pp. 1-3, 2001.
28. Morrisett, G., Walker, D., Crary, K. and Glew, N., "From System F to Typed Assembly Language," ACM Trans. on Programming Languages and Systems, 21, 3, pp. 527-268, 1999.
29. National Institute of Standards and Technology, "Data Encryption Standard (DES)," FIPS PUB 46-3, 1999.
30. Necula, G. C., "Proof-carrying Code," in Proc. of ACM Symp. on Principles of Programming Languages, pp. 106-119, 1997.
31. Necula, G. C. and Lee, P., "The Design and Implementation of a Certifying Compiler," in Proc. of ACM Conf. on Programming Language Design and Implementation, pp. 333-344, 1998.
32. Necula, G. C., McPeak, S. and Weimer, W., "CCured: Type-safe Retrofitting of Legacy Code," ACM Symp. on Principles of Programming Languages, pp. 128-139, 2002.
33. Oiwa, Y., Sekiguchi, T., Sumii, E., Yonezawa, A., "Fail-safe ANSI-C Compiler: An Approach to Making C Programs Secure," in Proc. of ISSS2002, LNCS, to appear, 2003.
34. Peterson, D. S., Bishop, M. and Pandey, R., "A Flexible Containment Mechanism for Executing Untrusted Code," in Proc. of 11th USENIX Security Symp., pp. 207-225, 2002.
35. Rivest, R. L., Shamir, A., and Adelman, L. M., "A Method for Obtaining Digital Signatures and Public-key Cryptosystems," Comm. of the ACM, 21, 2, pp. 120-126, 1978.
36. Rochlis, J. A. and Eichin, M. W., "With Microscope and Tweezers: the Worm from MIT's Perspective," Comm. of the ACM, 32, 6, 689-698, 1989.
37. Schneider, F. B., "Enforceable Security Policies," ACM Trans. Information and System Security, 3, 1, pp. 30-50, 2000.
38. Schneier, B., Secrets and Lies: Digital Security in a Networked World, John Wiley & Sons, 2000.
39. Shibayama, E., Hagihara, S., Kobayashi, N., Nisizaki, S., Taura, K. and Watanabe, T., "AnZenMail: A Secure and Certified E-mail System," in Proc. of ISSS2002, LNCS, to appear, 2003.
40. Simon, S., The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, Anchor Books, 2000.
41. The Coq Development Team, The Coq Proof Assistant Reference Manual, Version 7, 3, 2002.
42. Erlingsson, Ú. and Schneider, F. B., "IRM Enforcement of Java Stack Inspection," IEEE Symp. on Security and Privacy, pp. 246-255, 2000.
43. Vitek, J. and Bokowski, B., "Confined Types in Java," Software Practice and Experience, 31, 6, pp. 507-532, 2001.
44. Wahbe, R. Lucco, S., Anderson, T. E., and Graham, S. L., "Efficient Software-based Fault Isolation," in Proc. of ACM Symp. on Operating Systems Principles, pp. 203-216, 1993.
45. Walker, D., "A Type System for Expressive Security Policies," ACM Symp. on Principles of Programming Languages, pp. 254-267, 2000.
46. Wen, W. and Mizoguchi, F., "Web Security: Authentication Protocols and Their Analysis," New Generation Computing, 19, 3, pp. 283-299, 2001.