期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

多线程Java程序安全行为模型的静态检查方法 被引量:4

Static Checking of Security Related Behavior Model for Multithreaded Java Programs
下载PDF
导出
摘要 多线程作为支持程序结构化和并行化的重要机制,其应用越来越广泛,多线程应用程序的安全性也成为新的研究热点之一.针对Java多线程程序,文中采用参数化扩展上下文无关文法作为其安全相关行为模型的抽象表示,给出了从多线程Java程序自动生成安全相关行为模型的方法,形式地描述了静态检查该模型是否满足安全策略的实现,并应用到携带模型代码方法的实现框架中.该方法为安全执行非信任多线程Java移动代码提供了有效支持. Multithreading is an important mechanism for supporting program structuring and parallel computation. With the wide usage of multithreading, security for multithreaded application has become one of new hot research topics. This paper focuses on the security of Java multithreaded programs. At first, parameterized extended context free grammar has been used to formally represent security related behavior model for multithreaded Java program; then the way of automatic generation of such model is introduced, and an approach to statically check security related behavior model is formalized. The method has been applied in the framework of model carrying code. It has been indicated that the method provides effective support for safe execution of untrusted multithreaded Java mobile code.
作者 金英 李泽鹏 张晶 刘磊
机构地区 吉林大学计算机科学与技术学院
出处 《计算机学报》 EI CSCD 北大核心 2009年第9期1856-1868,共13页 Chinese Journal of Computers
基金 国家自然科学基金青年基金(60603031)资助~~
关键词 多线程Java程序 安全相关行为模型 静态检查 参数化扩展上下文无关文法 multithreaded Java program security related behavior model static checking parameterized extended context free grammar
分类号 TP311 [自动化与计算机技术—计算机软件与理论]
  • 相关文献

参考文献11

  • 1Pistoia M, Erlingsson U. Programming languages and program analysis for security: A three-year retrospective. ACM SIGPLAN Notices, 2008, 43(12): 82-39.
  • 2Rajamani S K. Automatic property checking for software: Past, present and future//Proceedings of the 4th IEEE International Conference on Software Engineering and Formal Methods, SEFM 2006. Pune, India, 2006:18-20.
  • 3Jachson D, Rinard M. Software analysis: A roadmap//Proceedings of the Conference on the Future of Software Engineering. Limerick, Ireland, 2000: 133-145.
  • 4Artho C, Biere A. Combined static and dynamic analysis. Department of Computer Science, ZUrich ETH: Technical Report 466, 2005.
  • 5Sekar R, Venkatakrishnan V N, Basu S, Bhatkar S, DuVarhey D. Model-carrying code: A practical approach for safe execution of untrusted applications//Proceedings of the ACM Symposium on Operating Systems Principles (SOSP' 03). Bolton Landing, NY, 2003:15-28.
  • 6魏达,金英,张晶,郑晓娟,李卓.基于开源JVM的安全策略强制实施[J].电子学报,2009,37(B04):36-41. 被引量:2
  • 7Jin Ying, Li Ze-Peng, Wei Da, Liu Lei. Automatic generation and enforcement of security contract for pervasive application//Proceeding of the TSP2008. Shanghai, China, 2008:55-60.
  • 8Naumovich G, Avrunin G S, Clarke L A. Data flow analysis for checking properties of concurrent Java programs//Proceedings of the 2nd ACM SIGSOFT Symposium on Foundations of Software Engineering. New Orleans, Louisiana, United States, 1994:62-75.
  • 9Demartini C, Sisto R. Static analysis of Java multithreaded and distributed application//Proceedings of the International Symposium on Software Engineering for Parallel and Distributed Systems. Kyoto, Japan, 1998:215-222.
  • 10Ferrara P. Static analysis via abstract interpreation of the happens-before memeory model//Proceedings of the TAP2008. Prato, Italy, 2008:116-133.

二级参考文献8

  • 1R Sekar,V Venkatakrishnan, S Basu, S Bhatkar,D DuVarney. Model-carrying code: A practical approach for safe execution of untrusted applications [ J ]. ACM SIGOPS Operating Systems Review, 2003,37(5) : 15 - 28.
  • 2Lujo Bauer,Jarred Ligatti,David Walker.More enforceable security policies[R]. Princeton, New Jersey, USA: Princeton University, 2002.
  • 3Prem Uppuluri. Intrusion detection/prevention using behavior specifications[D]. NY, USA: State University of New York at Stony Brook, 2003.
  • 4Kaffe. org[ Z ]. URL: http://www. kaffe. org/documentation, 2008.
  • 5HC Kim,RS Ramakrishna,W Shin,K Sakurai. Enforcement of integrated security policy in trusted operating systems[M/CD]. Nara, Japan: Springer Berlin/Heidelberg, 2007.214 - 229.
  • 6SK Nair, PND Simpson, B Crispo, AS Tanenbaurn. A virtual machine based information flow control system for policy enforcement[J]. Electronic Notes in Theoretical Computer Science 2008,197(1):3 - 16.
  • 7Jansen W, Karygiannis T, Korolev V, et al. Policy expression and enforcement for handheld devices[ R]. Gaithersburg, Maryland, USA: Computer Security Division Information Technology Laboratory NIST,2003.
  • 8李泽鹏,金英,张晶,郑晓娟.基于Java平台实现安全行为模型验证[J].计算机工程与科学,2007,29(10):7-10. 被引量:2

共引文献1

同被引文献12

引证文献4

二级引证文献5

计算机学报
2009年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部