Securing Java with local policies

Journal of Object Technology

Volumn 8, Issue 4, 2009, Pages 5-32

  Bartoletti, Massimo ^a   Costa, Gabriele ^b   Degano, Pierpaolo ^c   Martinelli, Fabio ^b   Zunino, Roberto ^d  

^a UNIVERSITY OF CAGLIARI   (Italy)

^b Istituto di Informatica e Telematica   (Italy)

^c UNIVERSITY OF PISA   (Italy)

^d UNIVERSITY OF TRENTO   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 70349394182     PISSN: None     EISSN: 16601769     Source Type: Journal    
DOI: 10.5381/jot.2009.8.4.a1     Document Type: Article

References (47)

1. M. Abadi and C. Fournet. Access control based on execution history. In Proceedings of the 10th Annual Network and Distributed System Security Symposium, San Diego, California, USA. The Internet Society, 2003.
2. F. Baiardi, F. Martinelli, P. Mori, and A. Vaccarelli. Improving grid services security with fine grain policies. In OTM Workshops, 2004.
3. A. Banerjee and D. A. Naumann. History-based access control and secure information flow. In Proceedings of the Workshop on Construction and Analysis of Safe, Secure and Interoperable Smart Cards, CASSIS 2004, Marseille, France, March 10-14, 2004, Revised Selected Papers, volume 3362 of Lecture Notes in Computer Science, pages 27-48, Berlin, 2005. Springer.
4. G. Barthe, L. Burdy, J. Charles, B. Grégoire, M. Huisman, J.-L. Lanet, M. Pavlova, and A. Requet. Jack a tool for validation of security and behaviour of Java applications. In Formal Methods for Components and Objects, 5th International Symposium, Amsterdam, NL, November 7-10, 2006, Revised Lectures, volume 4709 of Lecture Notes in Computer Science, pages 152-174. Springer, 2007.
5. M. Bartoletti. Usage automata. In Workshop on Issues in the Theory of Security, York, UK, volume 5511 of Lecture Notes in Computer Science, Berlin, 2009. Springer. to appear.
6. M. Bartoletti, P. Degano, and G.-L. Ferrari. Static analysis for stack inspection. In Proceedings of the International Workshop on Concurrency and Coordination, Electr. Notes Theor. Comput. Sci., volume 54, 2001.
7. M. Bartoletti, P. Degano, and G.-L. Ferrari. History based access control with local policies. In Proceedings of the 8th Foundations of Software Science and Computational Structures, FOSSACS 2005, Edinburgh, UK, April 4-8, 2005, volume 3441 of Lecture Notes in Computer Science, pages 316-332, Berlin, 2005. Springer.
8. M. Bartoletti, P. Degano, G.-L. Ferrari, and R. Zunino. Types and effects for resource usage analysis. In Proceedings of the 10th Foundations of Software Science and Computational Structures, FOSSACS 2007, Braga, Portugal, March 24-April 1, 2007, volume 4423 of Lecture Notes in Computer Science, pages 32-47, Berlin, 2007. Springer
9. M. Bartoletti, P. Degano, G. L. Ferrari, and R. Zunino. Semantics-based design for secure web services. IEEE Trans. Software Eng., 34(1), 2008.
10. M. Bartoletti, P. Degano, G. L. Ferrari, and R. Zunino. Model checking usage policies. In Proceedings of the 4th Trustworthy Global Computing, Barcelona, Spain, November 3-4, 2008, Lecture Notes in Computer Science, Berlin, 2009. Springer. to appear.
11. M. Bartoletti and R. Zunino. LocUsT: a tool for checking usage policies. Technical Report TR-08-07, Dip. Informatica, Univ. Pisa, 2008.
12. L. Bauer, J. Ligatti, and D. Walker. More enforceable security policies. In Proceedings of the Workshop on Foundations of Computer Security (FCS), 2002.
13. L. Bauer, J. Ligatti, and D. Walker. Composing security policies with Polymer. In Proceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation (PLDI), Chicago, IL, USA, June 12-15, 2005, pages 305-314, New York, 2005. ACM.
14. J. A. Bergstra and J. W. Klop. Algebra of communicating processes with abstraction. Theor. Comput. Sci., 37:77-121, 1985.
15. E. Bodden, P. Lam, and L. Hendren. Finding programming errors earlier by evaluating runtime monitors ahead-of-time. In ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE), 2008.
16. J. Brzosowski and J. E. McCluskey. Signal flow graph techniques for sequential circuit state diagrams. IEEE Trans. on Electronic Computers, 1963.
17. O. Burkart, D. Caucal, F. Moller, and B. Steffen. Verification on infinite structures http://www-compsci.swan.ac.uk/~csfm/Pubs/handbook01.pdf.
18. T. Colcombet and P. Fradet. Enforcing trace properties by program transformation. In Proceedings of the 27th Annual Symposium on Principles of Programming Languages, POPL, pages 54-66, New York, 2000. ACM.
19. K. Donnelly, J. J. Hallett, and A. Kfoury. Formal semantics of weak references. In ISMM '06: Proceedings of the 5th International Symposium on Memory Management, 2006.
20. N. Dragoni, F. Massacci, K. Naliuka, and I. Siahaan. Security-by-contract: Toward a semantics for digital signatures on mobile code. In EuroPKI, volume 4582 of Lecture Notes in Computer Science, pages 297-312. Springer, 2007.
21. G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In Secure Internet Programming, volume 1603 of Lecture Notes in Computer Science, pages 413-431, Berlin, 1999. Springer.
22. J. Esparza. On the decidability of model checking for several μ-calculi and Petri nets. In Proceedings of the 19th Int. Colloquium on Trees in Algebra and Programming (CAAP'94), Edinburgh, U.K., April 11-13, 1994, volume 787 of Lecture Notes in Computer Science, pages 115-129, Berlin, 1994. Springer.
23. J. Esparza, D. Hansel, P. Rossmanith, and S. Schwoon. Efficient algorithms for model checking pushdown systems. In Computer Aided Verification, 12th International Conference, CAV 2000, Chicago, IL, USA, July 15-19, 2000, Proceedings, volume 1855 of Lecture Notes in Computer Science, pages 232-247. Springer, 2000.
24. P. W. Fong. Access control by tracking shallow execution history. In Proceedings of the IEEE Symposium on Security and Privacy (S&P 2004), 9-12 May 2004, Berkeley, CA, USA, pages 43-55, Los Alamitos, 2004. IEEE Computer Society.
25. C. Fournet and A. D. Gordon. Stack inspection: theory and variants. ACM Transactions on Programming Languages and Systems, 25(3):360-399, 2003.
26. L. Gong. Inside Java 2 platform security: architecture, API design, and implementation. Addison-Wesley, 1999.
27. D. Grove and C. Chambers. A framework for call graph construction algorithms. ACM Trans. Program. Lang. Syst., 23(6):685-746, 2001.
28. K. W. Hamlen, J. G. Morrisett, and F. B. Schneider. Computability classes for enforcement mechanisms. ACM Trans. Program. Lang. Syst., 28(1):175-205, 2006.
29. A. Igarashi and N. Kobayashi. Resource usage analysis. In Proceedings of the 29th Annual Symposium on Principles of Programming Languages, POPL, pages 331-342, New York, 2002. ACM.
30. I. Ion, B. Dragovic, and B. Crispo. Extending the Java Virtual Machine to enforce fine-grained security policies in mobile devices. In ACSAC, 2007.
31. Jalapa: Securing Java with Local Policies http://jalapa.sourceforge.net/.
32. G. T. Leavens, A. L. Baker, and C. Ruby. JML: A notation for detailed design. In H. Kilov, B. Rumpe, and I. Simmonds, editors, Behavioral Specifications of Businesses and Systems, pages 175-188. Kluwer Academic Publishers, 1999.
33. K. Marriott, P. J. Stuckey, and M. Sulzmann. Resource usage verification. In Proceedings of the First Asian Symposium on Programming Languages and Systems, APLAS 2003, Beijing, China, November 27-29, 2003, volume 2895 of Lecture Notes in Computer Science, pages 212-229, Berlin, 2003. Springer.
34. F. Martinelli and P. Mori. Enhancing java security with history based access control. In Foundations of Security Analysis and Design IV, FOSAD 2006/2007 Tutorial Lectures, volume 4677 of Lecture Notes in Computer Science, pages 135-159. Springer, 2007.
35. F. Martinelli, P. Mori, and A. Vaccarelli. Towards continuous usage control on grid computational services. In ICAS/ICNS, 2005.
36. F. Massacci and I. Siahaan. Matching midlet's security claims with a platform security policy using automata modulo theory. In 12th Nordic Workshop on Secure IT Systems (NordSec'07), 2007.
37. Microsoft Corp. .NET Framework Developer's Guide: Securing Applications.
38. F. Nielson, H. R. Nielson, and C. Hankin. Principles of Program Analysis. Springer-Verlag, 1999.
39. R. Pandey and B. Hashii. Providing fine-grained access control for java programs. In ECCOP'99 - Object-Oriented Programming, 13th European Conference, Lisbon, Portugal, June 14-18, 1999, Proceedings, volume 1628 of Lecture Notes in Computer Science, pages 449-473. Springer, 1999.
40. K. V. Renaud. Experience with statically-generated proxies for facilitating Java runtime specialisation. IEEE Proc. Software, 149(6), Dec 2002.
41. F. B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security (TISSEC), 3(1):30-50, 2000.
42. C. Skalka and S. Smith. History effects and verification. In Proceedings of the Second Asian Symposium on Programming Languages and Systems, APLAS 2004, Taipei, Taiwan, November 4-6, 2004, volume 3302 of Lecture Notes in Computer Science, pages 107-128, Berlin, 2004. Springer.
43. Soot: a Java optimization framework http://www.sable.mcgill.ca/soot/.
44. P. Thiemann. Enforcing safety properties using type specialization. In Proc. ESOP, 2001.
45. Úlfar Erlingsson and F. B. Schneider. SASI enforcement of security policies: a retrospective. In Proceedings of the 1999 Workshop on New security paradigms, pages 87-95, New York, 1999. ACM.
46. J. Wang, Y. Takata, and H. Seki. HBAC: A model for history-based access control and its model checking. In 11th European Symposium on Research in Computer Security - ESORICS 2006, Hamburg, Germany, September 18-20, 2006, volume 4189 of Lecture Notes in Computer Science, pages 263-278, Berlin, 2006. Springer.
47. I. Welch and R. J. Stroud. Kava - using byte code rewriting to add behavioural reflection to Java. In USENIX Conference on Object-Oriented Technology, 2001.