Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Issue title: EU-Funded ICT Research on Trust and Security
Guest editors: Jan CamenischGuest-Editor, Javier LopezGuest-Editor, Fabio MassacciGuest-Editor, Massimo CiscatoGuest-Editor and Thomas SkordasGuest-Editor
Article type: Research Article
Authors: Dam, Madsa | Jacobs, Bartb | Lundblad, Andreasc | Piessens, Frankd; *
Affiliations: [a] ACCESS Linnaeus Centre, Royal Institute of Technology (KTH), Sweden. E-mail: mfd@kth.se; Tel.: +46 8 790 6229 | [b] Katholieke Universiteit Leuven, Belgium. E-mail: bart.jacobs@cs.kuleuven.be; Tel.: +32 16 32 7825 | [c] School of Computer Science and Communication, Royal Institute of Technology (KTH), Sweden. E-mail: landreas@kth.se; Tel.: +46 8 790 8408 | [d] Katholieke Universiteit Leuven, Belgium. E-mail: frank.piessens@cs.kuleuven.be; Tel.: +32 16 32 7603
Correspondence: [*] Corresponding author.
Abstract: Inline reference monitoring is a powerful technique to enforce security policies on untrusted programs. The security-by-contract paradigm proposed by the EU FP6 S3MS project uses policies, monitoring, and monitor inlining to secure third-party applications running on mobile devices. The focus of this paper is on multi-threaded Java bytecode. An important consideration is that inlining should interfere with the client program only when mandated by the security policy. In a multi-threaded setting, however, this requirement turns out to be problematic. Generally, inliners use locks to control access to shared resources such as an embedded monitor state. This will interfere with application program non-determinism due to Java's relaxed memory consistency model, and rule out the transparency property, that all policy-adherent behaviour of an application program is preserved under inlining. In its place we propose a notion of strong conservativity, to formalise the property that the inliner can terminate the client program only when the policy is about to be violated. An example inlining algorithm is given and proved to be strongly conservative. Finally, benchmarks are given for four example applications studied in the S3MS project.
Keywords: Security-by-contract, runtime monitoring, monitor inlining
DOI: 10.3233/JCS-2010-0365
Journal: Journal of Computer Security, vol. 18, no. 1, pp. 37-59, 2010
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl