Skip to main content
SpringerLink
Log in

AnZenMail: A Secure and Certified E-mail System

  • Conference paper
  • First Online:
Software Security — Theories and Systems (ISSS 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2609))

Included in the following conference series:

Abstract

We are developing a secure and certified e-mail system AnZenMail that provides an experimental testbed for our cutting-edge security enhancement technologies. In addition to a provably secure message transfer protocol, we have designed and implemented a server (MTU) and a client (MUA) in order that they could survive recent malicious attacks such as server-cracking and e-mail viruses. The AnZenMail server is implemented in Java, a memory-safe language, and so it is free from stack smashing. Some of its safety properties have been formally verified in Coq mostly at the source code level by manually translating Java methods into Coq functions. The AnZenMail client is designed to provide a support for secure execution of mobile code arriving as e-mail attachments. It has plug-in interfaces for code inspection and execution modules such as static analysis tools, runtime/inline reference monitors, and an anti-virus engine, which are currently being developed by members of our research project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Affeldt, R., Kobayashi, N.: Formalization and Verification of a Mail Server in Coq. Proc. of International Symposium on Software Security, in this volume, 2003.

    Google Scholar 

  2. Aleph One: Smashing the Stack for Fun and Profit, Phrack, 49(7), 1996, http://www.phrack.org/leecharch.php?p=49

  3. Baratloo, A., Singh, N., Tsai, T.: Transparent Run-Time Defense Against Stack-Smashing Attacks. Proc. of USENIX Annual Conference, 2000.

    Google Scholar 

  4. Bernstein, D. J.: The Qmail Security Guarantee.

    Google Scholar 

  5. Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. Proc. of the Royal Society, Series A 426, 233–271, 1989.

    Google Scholar 

  6. Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Proc. 7th USENIX Security Conference, 63–78, 1998.

    Google Scholar 

  7. Crocker, S., Freed, N., Galvin, J., Murphy, S.: MIME Object Security Services. RFC 1848, 1995.

    Google Scholar 

  8. Deng, R. H., Gong, L., Lazar, A. A., Wang, W.: Practical Protocols for Certified Electronic Mail. J. of Network and System Management, 4(3), 279–297, 1996.

    Article  Google Scholar 

  9. Ducheneaut, N., Bellotti, V.: E-mail as Habitat. Interactions, ACM, 8(5), 30–38, 2001.

    Article  Google Scholar 

  10. Goldberg, Y., Safran, M., Shapiro, E.: Active Mail-A Framework for Implementing Groupware. Proc. of the Conf. on Computer Supported Cooperative Work, 75–83, 1992.

    Google Scholar 

  11. Hoffman, P.: SMTP Service Extension for Secure SMTP over TLS. RFC 2487, 1999.

    Google Scholar 

  12. Igarashi, A., Kobayashi, N.: Resource Usage Analysis. Proc. of ACM Symposium on Principles of Programming Languages, 331–342, 2001.

    Google Scholar 

  13. Jaeger, T., Prakash, A., Liedtke, J., Islam, N.: Flexible Control of Downloaded Executable Content. ACM Trans. on Information and System Security, 2(2), 177–228, 1999.

    Article  Google Scholar 

  14. Kato, K., Oyama, Y.: SoftwarePot: An Encapsulated Transferable File System for Secure Software Circulation. Proc. of International Symposium on Software Security, in this volume, 2003.

    Google Scholar 

  15. Kent, S. T.: Internet Privacy Enhanced Mail. Comm. of the ACM, 36(8), 48–60, 1993.

    Article  Google Scholar 

  16. Klensin, J. (ed): Simple Mail Transfer Protocol. RFC 2821, 2001.

    Google Scholar 

  17. Pfitzmann, B., Schunter, M., Waidner, M.: Provably Secure Certified Mail. Research Report, RZ 3207(#93253), IBM, 2000.

    Google Scholar 

  18. OpenBSD security. http://www.openbsd.org/security.html

  19. Ramsdell, B. (ed): S/MIME Version 3 Message Specification. RFC 2633, 1999.

    Google Scholar 

  20. Viega, J., McGraw, G., Mutdosch, T., Felten, E. W.: Statically Scanning Java Code: Finding Security Vulnerabilities. IEEE Software, 17(5), 68–74, 2000.

    Article  Google Scholar 

  21. Wallach, D. S., Appel, A. W., Felten, E. W.: SAFKASI: A Security Mechanism for Language-Based Systems. ACM Trans. on Software Engineering and Methodology, 9(4), 341–378, 2000.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Graduate School of Information Science and Engineering, Tokyo Institute of Technology, 2-12-1 Ookayama, Meguro-ku, Tokyo, Japan

    Etsuya Shibayama, Shigeki Hagihara, Naoki Kobayashi, Shin-ya Nishizaki & Takuo Watanabe

  2. The University of Tokyo, 7-3-1 Hongo, Bunkyo-ku, Tokyo, Japan

    Kenjiro Taura

  3. The National Institute of Informatics, 2-1-2 Hitotsubashi, Chiyoda-ku , Tokyo, Japan

    Takuo Watanabe

Authors
  1. Etsuya Shibayama
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shigeki Hagihara
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Naoki Kobayashi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shin-ya Nishizaki
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kenjiro Taura
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Takuo Watanabe
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Keio University, 2-15-45 Mita, Minatoku, 108-8345, Tokyo, Japan

    Mitsuhiro Okada

  2. University of Pennsylvania, 200 South 33rd St., 19104, Philadelphia, PA, USA

    Benjamin C. Pierce

  3. University of Pennsylvania, 209 South 33rd St., 19104-6395, Philadelphia, PA, USA

    Andre Scedrov

  4. Keio University, 5322 Endoh, 252-8520, Fujisawa, Japan

    Hideyuki Tokuda

  5. University of Tokyo, 7-3-1 Hongo, Bunkyo-ku, 113, Tokyo, Japan

    Akinori Yonezawa

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shibayama, E., Hagihara, S., Kobayashi, N., Nishizaki, Sy., Taura, K., Watanabe, T. (2003). AnZenMail: A Secure and Certified E-mail System. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_13

Download citation

  • DOI: https://doi.org/10.1007/3-540-36532-X_13

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00708-1

  • Online ISBN: 978-3-540-36532-7

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation