Abstract
The paper presents a novel approach to Java byte code verification: the verification process is performed “offline” on a network server, instead of being incorporated in the client. Furthermore, the most critical part of the verification process is based upon a formal model and uses a model checker for checking the verification conditions. The result of the verification process can be securely communicated to the runtime platform with cryptographic means.
The major advantages of our approach are twofold: first, it offers a higher degree of security, since the verification process is based on a formal framework; second, it saves resources on the client’s side, since byte code verification on the client can be replaced by a simple check of a digital signature.
This paper concentrates on Java smart cards, where resource limitations inhibit fully-fledged byte code verification within the client, but the demand for security is very high. However, our approach can also be applied to other variants of Java.
The opinions expressed in this paper are solely those of the authors and do not necessarily reflect the views of Deutsche Telekom AG.
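The split the abstract describes (verification on a server, only a signature check on the card), as an added Go example that is not from the paper: the operand-stack check is a simplified stand-in for the paper's model-checking step, the toy opcodes and the fixed key seed are constructed for illustration, and the signature is over the hash of the exact bytes verified so the verdict cannot be reused for modified code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Toy bytecode (constructed, not Java Card's): push a constant / add top two / return.
const opPush, opAdd, opReturn byte = 0x10, 0x60, 0xb1

// Server-side check standing in for the model checker: rejects operand-stack
// underflow, unknown opcodes and code that falls off the end without returning.
func offlineVerify(code []byte) error {
	depth := 0
	for pc, op := range code {
		switch op {
		case opPush:
			depth++
		case opAdd:
			if depth < 2 {
				return fmt.Errorf("pc %d: operand stack underflow", pc)
			}
			depth--
		case opReturn:
			return nil
		default:
			return fmt.Errorf("pc %d: unknown opcode %#x", pc, op)
		}
	}
	return fmt.Errorf("code does not end in return")
}

// Verification server key pair from a fixed seed (constructed test value; a
// real server generates its key randomly and keeps it off the network).
var serverPriv = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
var serverPub = serverPriv.Public().(ed25519.PublicKey)
// certify runs the verifier and signs the SHA-256 of the exact bytes that passed.
func certify(code []byte) ([]byte, error) {
	if err := offlineVerify(code); err != nil {
		return nil, err
	}
	d := sha256.Sum256(code)
	return ed25519.Sign(serverPriv, d[:]), nil
}

// clientAccept is the only check the card performs before loading the code.
func clientAccept(code, sig []byte) bool {
	d := sha256.Sum256(code)
	return ed25519.Verify(serverPub, d[:], sig)
}
```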
© 1998 Springer-Verlag Berlin Heidelberg
Posegga, J., Vogt, H. (1998). Byte code verification for Java smart cards based on model checking. In: Quisquater, JJ., Deswarte, Y., Meadows, C., Gollmann, D. (eds) Computer Security — ESORICS 98. ESORICS 1998. Lecture Notes in Computer Science, vol 1485. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0055863
DOI: https://doi.org/10.1007/BFb0055863
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65004-1
Online ISBN: 978-3-540-49784-4