Lightweight Modeling of Java Virtual Machine Security Constraints using Alloy

Reynolds, Mark C.

Date Issued

2008-12-30

Author(s)

Reynolds, Mark C.

Export Citation

Download to BibTex

Download to EndNote/RefMan (RIS)

Metadata

Show full item record

Permanent Link

https://hdl.handle.net/2144/1723

Citation (published version)

Reynolds, Mark C. . "Lightweight Modeling of Java Virtual Machine Security Constraints using Alloy", Technical Report BUCS-TR-2008-031, Computer Science Department, Boston University, December 30, 2008. [Available from: http://hdl.handle.net/2144/1723]

Abstract

The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the component known as the Bytecode Verifier. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of a real-world malicious applet is given to demonstrate the efficacy of the approach.

Collections

CAS: Computer Science: Technical Reports [584]