Skip to main content
SpringerLink
Log in

Lightweight Modeling of Java Virtual Machine Security Constraints

  • Conference paper
Abstract State Machines, Alloy, B and Z (ABZ 2010)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5977))

Included in the following conference series:

Abstract

The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the component known as the Bytecode Verifier. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of a real world malicious applet is given to demonstrate the efficacy of the approach. This type of analysis represents a significant departure from standard malware detection methods based on signatures or anomaly detection.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alloy website, http://alloy.mit.edu

  2. Jackson, D.: Software Abstractions: Logic, Language and Analysis. MIT Press, Cambridge (2006)

    Google Scholar 

  3. McGraw, G., Felten, E.: Securing Java: Getting Down to Business with Mobile Code, 2nd edn. Wiley, New York (1999)

    Google Scholar 

  4. Common Vulnerabilities and Exposures, http://cve.mitre.org

  5. BlackBox Security Advisory, http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?ID=36725

  6. Java and Java Virtual Machine security vulnerabilities and their exploitation techniques, http://www.blackhat.com/presentations/bh-asia-02/LSD/bh-asia-02-lsd.pdf

  7. Lindholm, T., Yellin, F.: The Java Virtual Machine Specification Second Edition. Addison Wesley, Boston (2003)

    Google Scholar 

  8. Xu, H.: Java Security Model and Bytecode Verification, http://www.cis.umassd.edu/~hxu/Papers/UIC/JavaSecurity.PDF

  9. Posegga, J., Vogt, H.: Java bytecode verification using model checking, http://eprints.kfupm.edu.sa/47269

  10. Leroy, X.: Java Bytecode Verification: An Overview. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 265–285. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  11. Jakarta BCEL, http://jakarta.apache.org/bcel

  12. DJ disassembler, http://members.fortunecity.com/neshkov/dj.html

  13. Jasmin assembler, http://jasmin.sourceforge.net

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Boston University,  

    Mark C. Reynolds

Authors
  1. Mark C. Reynolds
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Département d’informatique, Sherbrooke, Université de Sherbrooke, J1K 2R1, Québec, Canada

    Marc Frappier

  2. School of Computing Science, Simon Fraser University, V5A 1S6, Burnaby, BC, Canada

    Uwe Glässer

  3. Department of Electrical and computer Engineering, University of Texas at Austin, 1 University Station C5000, 78712-0240, Austin, TX, USA

    Sarfraz Khurshid

  4. Département informatique, Route forestiére Hurtault, Université Paris-Est Créteil, IUT Sénart/Fontainebleau, 77300, Fontainebelau, France

    Régine Laleau

  5. Department of Computer Science, The University of Waikato, 3240, Hamilton, New Zealand

    Steve Reeves

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Reynolds, M.C. (2010). Lightweight Modeling of Java Virtual Machine Security Constraints. In: Frappier, M., Glässer, U., Khurshid, S., Laleau, R., Reeves, S. (eds) Abstract State Machines, Alloy, B and Z. ABZ 2010. Lecture Notes in Computer Science, vol 5977. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11811-1_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-11811-1_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11810-4

  • Online ISBN: 978-3-642-11811-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation