
A Design of Verification Framework for Java Bytecode

Design of a Framework for Verifying Java Bytecode (Korean title: 자바 바이트코드의 검증을 위한 프레임워크 설계)

  • 김제민 (Department of Computer and Information Engineering, Inha University) ;
  • 박준석 (School of Computer and Information Engineering, Inha University) ;
  • 유원희 (School of Computer and Information Engineering, Inha University)
  • Received : 2011.04.18
  • Accepted : 2011.05.26
  • Published : 2011.06.30

Abstract

Java bytecode verification is a critical process for guaranteeing the safety of Java applets transmitted over the web or to contemporary embedded devices. We propose the design of a framework that enables Java bytecode to be analyzed and verified. The framework translates Java bytecode into an intermediate representation that can express program properties without using an operand stack. With the framework, error specifications for errors that could occur in a program are produced automatically, and specifications annotated in the intermediate representation by a user can also be expressed. Furthermore, we design a verification condition generator, which converts the intermediate representation into verification conditions; a verification engine, which verifies the verification conditions produced by the generator; and a result reporter, which displays the results of verification.
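The pipeline the abstract describes (stack bytecode translated into a stack-less intermediate representation, an automatically generated error specification, and a verification condition generator based on weakest preconditions), as an added Python sketch that is not the paper's framework; the opcode subset, the three-address IR shape, the `l<i>`/`t<i>` naming and the sample method are assumptions.

```python
import re

# Constructed sample (not from the paper): simplified JVM bytecode for
#   static int div(int a, int b) { return a / b; }
# as (mnemonic, operand) pairs; local variable slots are named l0, l1, ...
SAMPLE_BYTECODE = [("iload", 0), ("iload", 1), ("idiv", None), ("ireturn", None)]

BINOPS = {"iadd": "+", "isub": "-", "imul": "*", "idiv": "/"}

def to_ir(bytecode):
    """Translate stack bytecode to a stack-less three-address IR.  The operand
    stack is simulated at translation time with symbolic names, so the IR only
    mentions locals (l<i>) and temporaries (t<i>).  For idiv an error
    specification (divisor != 0) is generated automatically."""
    stack, ir, ntmp = [], [], 0
    for op, arg in bytecode:
        if op == "iload":
            stack.append(f"l{arg}")
        elif op == "iconst":
            stack.append(str(arg))
        elif op in BINOPS:
            rhs, lhs = stack.pop(), stack.pop()      # JVM pops value2, then value1
            if op == "idiv":
                ir.append(("assert", f"{rhs} != 0"))  # auto-generated error spec
            tmp, ntmp = f"t{ntmp}", ntmp + 1
            ir.append(("assign", tmp, f"{lhs} {BINOPS[op]} {rhs}"))
            stack.append(tmp)
        elif op == "istore":
            ir.append(("assign", f"l{arg}", stack.pop()))
        elif op == "ireturn":
            ir.append(("return", stack.pop()))
    return ir

def substitute(formula, var, expr):
    """formula[var := expr] on whole identifiers only (l1 must not match l10)."""
    return re.sub(rf"\b{re.escape(var)}\b", f"({expr})", formula)

def vc_gen(ir, postcondition="true"):
    """Verification condition generator: weakest precondition computed backwards
    over straight-line IR; `postcondition` is the user's spec, `result` the return."""
    wp = postcondition
    for stmt in reversed(ir):
        if stmt[0] == "assert":                 # wp(assert P, Q) = P && Q
            wp = f"({stmt[1]}) && ({wp})"
        elif stmt[0] == "assign":               # wp(x := e, Q) = Q[x := e]
            wp = substitute(wp, stmt[1], stmt[2])
        elif stmt[0] == "return":               # bind the returned value to `result`
            wp = substitute(wp, "result", stmt[1])
    return wp   # the verification engine would hand this formula to an SMT solver
```

For the sample method `vc_gen` yields `(l1 != 0) && (true)`: the only obligation left for a caller is the generated divisor check, which is exactly the condition the operand-stack form hides.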
