nach oben

The Journal of Supercomputing

Erschienen in:

01.10.2014

Secure component composition with modular behavioral properties

verfasst von: Hyongsoon Kim, Eunyoung Lee

Erschienen in: The Journal of Supercomputing | Ausgabe 1/2014

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

We propose a flexible way of allowing the users of software components to specify their security policies, and endow digitally signed certificates with more expressive power at link time. Secure linking (SL) is more flexible than type-checking or other static checking mechanisms with endowing users the freedom to specify security policies at link time, and SL is more expressive than simple digital signing with restricting the scope of guarantees made by digitally signed certificates. SL would not prevent bugs in a software component, but it gives signers of software components finer-grain control of the meaning of their certificates. We implemented a logic-based framework for SL, which consists of the SL logic, a proof verifier, a tactical prover, and user interface languages. The framework of SL encompasses the existing constraint languages, such as OCL and JML, so the security policies and the property statements of software components can be written easily using those popular languages. In this paper, we explain the linking protocol of SL, the SL framework, and the extended user interface languages with OCL and JML. We also discuss the strength of the proposed linking protocol in developing practical software systems.

Vorheriger Artikel Editorial of special section on Hybrid Information Security Technologies: part II

Nächster Artikel Improved deleted file recovery technique for Ext2/3 filesystem

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Tseng F-H, Chou L-D, Chao H-C (2011) A survey of black hole attacks in wireless mobile ad hoc networks. Hum Centric Comput Inform Sci 1(1):4CrossRef

Singh SK, Sabharwal S, Gupta JP (2012) A novel approach for deriving test scenarios and test cases from events. J Inform Process Syst 8(2):213–240CrossRef

Necula GC (1997) Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp 106–119

Dam M, Lundblad A (2010) A proof carrying code framework for inlined reference monitors in Java Bytecode. CoRR, abs/1012.2995

Jouannaud J-P, Shao Z (2011) Certified programs and proofs. In: Proceedings of the first international conference on Cpp 2011, Kenting, Taiwan, December 7–9, 2011, Springer-Verlag New York Incorporated

Li T, Yu F, Lin Y, Kong X, Yu Y (2011) Trusted computing dynamic attestation using a static analysis based behaviour model. J Converg 2(1):61–68

Morrisett G, Walker D, Crary K, Glew N (1999) From system F to typed assembly language. ACM Trans Progr Lang Syst (TOPLAS) 21(3):527–568CrossRef

Glew N, Morrisett G (1999) Type-safe linking and modular assembly language. In: Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on principles of programming languages, pp 250–261. ACM

Cardelli L (1997) Program fragments, linking, and modularization. In: Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on principles of programming languages, pp 266–277

10.

Dean D (1997) The security of static typing with dynamic linking. In: Proceedings of the 4th ACM conference on computer and communications security, pp 18–27

11.

Warmer JB, Kleppe AG (2003) The Object Constraint Language, Getting Your Models Ready for MDA. Addison-Wesley Professional

12.

Lano K (2009) UML 2 semantics and applications. Wiley, New York

13.

Richters M (2002) A precise approach to validating UML models and OCL constraints. Logos

14.

Leavens G, Baker A (1999) JML: a notation for detailed design. Kluwer International Series, Dodretch

15.

Muto Y, Okano K, Kusumoto S (2011) A visualization technique for unit testing and static checking with caller–callee relationships. J Converg 2(2):1–8

16.

Leavens G (1996) An overview of Larch/C++: Behavioral specifications for C++ modules. Object-Oriented Behavioral Specifications

17.

Aikebaier A, Enokido T, Takizawa M (2011) Trustworthy group making algorithm in distributed systems. Hum Centric Comput Inform Sci 1(1):6CrossRef

18.

Appel AW, Felten EW (1999) Proof-carrying authentication. In: Proceedings of the 6th ACM conference on computer and communications security, pp 52–62

19.

Pfenning F, Schürmann C (1999) System description: Twelf—a meta-logical framework for deductive systems. Automated Deduction—CADE-16, pp 679–679

20.

Church A (1940) A formulation of the simple theory of types. The Journal of Symbolic Logic 5(2):56–68MathSciNetCrossRef

21.

Appel AW, Michael N, Stump A, Virga R (2003) A trustworthy proof checker. J Autom Reason 31(3):231–260CrossRefMATH

22.

Appel AW, Felty AP (2004) Dependent types ensure partial correctness of theorem provers. J Funct Progr 14(1):3–19MathSciNetCrossRefMATH

23.

Flanagan C, Rustan K, Leino M, Lillibridge M, Nelson G, Saxe JB, Stata R (2002) Extended static checking for Java. SIGPLAN Not. 37(5):234–245CrossRef

24.

Appel AW, Felty AP (2000) A semantic model of types and machine instructions for proof-carrying code. In: Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on principles of programming languages, pp 243–253

25.

Appel AW (2001) Foundational proof-carrying code. In: Proceedings of the 16th annual IEEE symposium on logic in computer science, pp 247–256

26.

Liskov BH, Wing JM (1994) A behavioral notion of subtyping. Trans Program Lang Syst (TOPLAS) 16(6)

Titel: Secure component composition with modular behavioral properties
verfasst von: Hyongsoon Kim
Eunyoung Lee
Publikationsdatum: 01.10.2014
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 1/2014
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-014-1283-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 1/2014

Secure and reliable electronic record management system using digital forensic technologies

A comparative simulation study on the power–performance of multi-core architecture

High performance data clustering: a comparative analysis of performance for GPU, RASC, MPI, and OpenMP implementations

StoryCube: supporting children’s storytelling with a tangible tool

An anonymous e-rental protocol based on ID-based cryptography and NFC

Biclique cryptanalysis of PRESENT-80 and PRESENT-128

Premium Partner