Abstract

The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the Bytecode Verifier, a critical component used to verify class semantics before loading is complete. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting these bytecodes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to potentially insecure code. Analysis of the approach is provided in the context of known security exploits, including type confusion attacks, invalid memory accesses and control flow misdirection. This type of analysis represents a significant departure from standard malware analysis methods based on signatures or anomaly detection.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Lightweight Modeling of Java Virtual Machine Security Constraints
Mark C Reynolds
-
Mark C ReynoldsMark C Reynolds
01 Jan 2009
A comparison of the standard approach and the NONMEM approach in the estimation of bioavailability in man.
M Combrink ... R Miller
The Journal of pharmacy and pharmacology | VOL. 49
M Combrink, et. al.M Combrink ... R Miller
12 Apr 2011
A type system for object initialization in the Java bytecode language
Stephen N Freund ... John C Mitchell
-
Stephen N Freund, et. al.Stephen N Freund ... John C Mitchell
01 Oct 1998
A type system for object initialization in the Java bytecode language
Stephen N Freund ... John C Mitchell
ACM Transactions on Programming Languages and Systems | VOL. 21
Stephen N Freund, et. al.Stephen N Freund ... John C Mitchell
01 Nov 1999
View more papers

More From: Science of Computer Programming

Paper Title
Journal
Date
Author
API comparison based on the non-functional information mined from Stack Overflow
Zhiqi Chen ... Peng Zhang
Science of Computer Programming | VOL. 241
Zhiqi Chen, et. al.Zhiqi Chen ... Peng Zhang
06 Nov 2024
Preface for “Selected papers from the 26th Ibero-American Conference on Software Engineering (CIbSE 2023)”
Giovanni Giachetti ... Renata Guizzardi
Science of Computer Programming | VOL. -
Giovanni Giachetti, et. al.Giovanni Giachetti ... Renata Guizzardi
01 Nov 2024
Efficient Interaction-Based Offline Runtime Verification of Distributed Systems with Lifeline Removal
Erwan Mahe ... Pascale Le Gall
Science of Computer Programming | VOL. -
Erwan Mahe, et. al.Erwan Mahe ... Pascale Le Gall
01 Nov 2024
Analysis and Formal Specification of OpenJDK's BitSet: Proof files
Andy S Tatman ... Stijn De Gouw
Science of Computer Programming | VOL. -
Andy S Tatman, et. al.Andy S Tatman ... Stijn De Gouw
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.