ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Confined types
Full text PdfPdf (1.71 MB)
Source Conference on Object Oriented Programming Systems Languages and Applications archive
Proceedings of the 14th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications table of contents
Denver, Colorado, United States
Pages: 82 - 96  
Year of Publication: 1999
ISBN:1-58113-238-7
Also published in ...
Authors
Jan Vitek  Purdue University, Dept. of Computer Sciences
Boris Bokowski  Freie Universität Berlin, GMD-FIRST Berlin, Germany
Sponsor
SIGPLAN: ACM Special Interest Group on Programming Languages
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 8,   Downloads (12 Months): 48,   Citation Count: 25
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/320384.320392
What is a DOI?

ABSTRACT

Sharing and transfer of object references is difficult to control in object-oriented languages. Unconstrained sharing poses serious problems for writing secure components in object-oriented languages. In this paper, we present a set of inexpensive syntactic constraints that strengthen encapsulation in object-oriented programs and facilitate the implementation of secure systems. We introduce two mechanisms: confined types to impose static scoping on dynamic object references and, for technical reasons, anonymous methods which are methods that do not reveal the identity of the current instance (this). Confined types protect objects from use by untrusted code, while anonymous methods allow standard classes to be reused from confined classes. We have implemented a verifier which performs a modular analysis of Java programs and provides a static guarantee that confinement is respected. We present security related programming examples.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
P. S. Almeida. Balloon types: Controlling sharing of state in data types. In M. Aksit and S. Matsuoka, editors, ECO OP '97--Object-Oriented Programming, 11th European Conference, volume 1241 of Lecture Notes in Computer Science, pages 32-59, Jyv~kyl~i, Finland, 9-13 June 1997. Springer.
2
Boris Bokowski, CoffeeStrainer: statically-checked constraints on the definition and use of types in Java, Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering, p.355-374, September 06-10, 1999, Toulouse, France
 
3
Boris Bokowski , Markus Dahm, Poor Man's Genericity for Java, Workshop ion on Object-Oriented Technology, p.552, July 20-24, 1998
 
4
J. Boyland. Deferring destruction when reading unique variables. Technical report, University of Wisconsin- Milwaukee~ Mar. 1999.
5
Gilad Bracha , Martin Odersky , David Stoutamire , Philip Wadler, Making the future safe for the past: adding genericity to the Java programming language, Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.183-200, October 18-22, 1998, Vancouver, British Columbia, Canada
 
6
J. Chase, H. Levy, M. Baker-Harvey, and E. Lazowska. Opal: A single address space system for 64-bit architectures. In Proceedings of the Fourth Workshop on Workstation Operating Systems, pages 80-85, 1993.
7
David G. Clarke , John M. Potter , James Noble, Ownership types for flexible alias protection, ACM SIGPLAN Notices, v.33 n.10, p.48-64, Oct. 1998
8
Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976  [doi>10.1145/360051.360056]
 
9
Erich Gamma , Richard Helm , Ralph Johnson , John Vlissides, Design patterns: elements of reusable object-oriented software, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
 
10
Daniela Genius , Martin Trapp , Wolf Zimmermann, An Approach to Improve Locality Using Sandwich Types, Proceedings of the Second International Workshop on Types in Compilation, p.194-214, March 25-27, 1998
 
11
L. Gong. Java security architecture (JDK 1.2). Technical report, JavaSoft, July 1997. Revision 0.5.
 
12
L. Gong. Guarding objects. In G. Vigna, editor, Mobile Agents and Security, volume 576 of LNCS, pages 1-23, Berlin, Germany, Aug. 1998. Springer.
 
13
James Gosling , Bill Joy , Guy L. Steele, The Java Language Specification, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1996
 
14
R. Grimm , B. Bershad, Security for Extensible Systems, Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), p.62, May 05-06, 1997
 
15
J. Mossiere , F. Saunier, Hidden software capabilities, Proceedings of the 16th International Conference on Distributed Computing Systems (ICDCS '96), p.282, May 27-30, 1996
 
16
C. Hawblitzel, C.-C. Chang, G. Czajkowski, D. Hu, and T. von Eicken. Implementing Multiple Protection Domains in Java. Technical Report 97-1660, Cornell University, Department of Computer Science, 1997.
17
Nevin Heintze , Jon G. Riecke, The SLam calculus: programming with secrecy and integrity, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.365-377, January 19-21, 1998, San Diego, California, United States  [doi>10.1145/268946.268976]
18
John Hogg, Islands: aliasing protection in object-oriented languages, ACM SIGPLAN Notices, v.26 n.11, p.271-285, Nov. 1991
19
John Hogg , Doug Lea , Alan Wills , Dennis deChampeaux , Richard Holt, The Geneva convention on the treatment of object aliasing, ACM SIGPLAN OOPS Messenger, v.3 n.2, p.11-16, April 1992  [doi>10.1145/130943.130947]
 
20
S. Kent and i. Maung. Encapsulation and Aggregation. In Proceedings of TOOLS PACIFIC 95 (TOOLS 18). Prentice Hall, 1995.
21
William Landi, Undecidability of static analysis, ACM Letters on Programming Languages and Systems (LOPLAS), v.1 n.4, p.323-337, Dec. 1992  [doi>10.1145/161494.161501]
22
Xavier Leroy , François Rouaix, Security properties of typed applets, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.391-403, January 19-21, 1998, San Diego, California, United States  [doi>10.1145/268946.268979]
 
23
Henry M. Levy, Capability-Based Computer Systems, Butterworth-Heinemann, Newton, MA, 1984
 
24
Gus Lopez , Bjørn N. Freeman-Benson , Alan Borning, Constraints and Object Identity, Proceedings of the 8th European Conference on Object-Oriented Programming, p.260-279, July 04-08, 1994
 
25
S. Lucco, O. Sharp, and R. Wahbe. Omniware: A Universal Substrate for Web Programming. World Wide Web Journal, 1(1):359-368, Dec. 1995.
 
26
J. McLean. Security models. In J. Marciniak, editor, Encyclopedia of Software Engineering. Wiley & Sons, 1994.
27
Joseph A. Bank , Andrew C. Myers , Barbara Liskov, Parameterized types for Java, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.132-145, January 15-17, 1997, Paris, France  [doi>10.1145/263699.263714]
28
Andrew C. Myers, JFlow: practical mostly-static information flow control, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.228-241, January 20-22, 1999, San Antonio, Texas, United States  [doi>10.1145/292540.292561]
 
29
A. C. Myers and B. Liskov. Complete, safe information flow with decentralized labels. In Proceedings oj' the 1998 IEEE Symposium on Security and Privacy, Oakland, California, pages 186-197, 1998.
 
30
James Noble , Jan Vitek , John Potter, Flexible Alias Protection, Proceedings of the 12th European Conference on Object-Oriented Programming, p.158-185, July 20-24, 1998
31
Martin Odersky , Philip Wadler, Pizza into Java: translating theory into practice, Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.146-159, January 15-17, 1997, Paris, France  [doi>10.1145/263699.263715]
 
32
J. Potter , J. Noble , D. Clarke, The Ins and Outs of Objects, Proceedings of the Australian Software Engineering Conference, p.80, November 09-13, 1998
 
33
J. C. Riecke and C. A. Stone. Privacy via Subsumption. In Fifth Workshop on Foundations o~ Object-Oriented Languages, 1998.
34
R. L. Rivest , A. Shamir , L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, v.21 n.2, p.120-126, Feb. 1978  [doi>10.1145/359340.359342]
 
35
Secure Internet Programming Group. http://www.cs- .princeton.edu/sip/news/apri129.html. 1997.
36
Geoffrey Smith , Dennis Volpano, Secure information flow in a multi-threaded imperative language, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.355-364, January 19-21, 1998, San Diego, California, United States  [doi>10.1145/268946.268975]
 
37
Joseph Tardo , Luis Valente, Mobile Agent Security and Telescript, Proceedings of the 41st IEEE International Computer Conference, p.58, February 25-28, 1996
 
38
Kresten Krab Thorup , Mads Torgersen, Unifying Genericity - Combining the Benefits of Virtual Types and Parameterized Classes, Proceedings of the 13th European Conference on Object-Oriented Programming, p.186-204, June 14-18, 1999
 
39
F. Tip, C. Laffra, P. F. Sweeney, and D. Streeter. Size matters: Reducing the size of java class file archives. Technical report, IBM Research Report RC 21321, Oct. 1998.
 
40
J. Vitek and C. Bryce. Secure mobile code: the JavaSeal experiment. Manuscript, 1999.
 
41
J. Vitek, M. Serrano, and D. Thanos. Security and communication in mobile object systems. In D. Tsichritzis, editor, Objects at Large. University of Geneva, 1997.
 
42
D. Volpano and G. Smith. A type-based approach to program security. Lecture Notes in Computer Science, 1214~ 1997.
43
Dennis Volpano , Geoffrey Smith, Confinement properties for programming languages, ACM SIGACT News, v.29 n.3, p.33-42, Sept. 1998  [doi>10.1145/300307.300311]
44
Dan S. Wallach , Dirk Balfanz , Drew Dean , Edward W. Felten, Extensible security architectures for Java, Proceedings of the sixteenth ACM symposium on Operating systems principles, p.116-128, October 05-08, 1997, Saint Malo, France
 
45
F. Yellin. Low level security in Java. In Fourth lnternational Conference on ~he World-Wide Web, MIT, Boston, Dec. 1995.

CITED BY  25
James Noble , David Holmes , John Potter, Exclusion for composite objects, ACM SIGPLAN Notices, v.35 n.10, p.13-28, Oct. 2000
Ciarán Bryce , Chrislain Razafimahefa, An approach to safe object sharing, ACM SIGPLAN Notices, v.35 n.10, p.367-381, Oct. 2000
Dave Clarke , Sophia Drossopoulou, Ownership, encapsulation and the disjointness of type and effect, ACM SIGPLAN Notices, v.37 n.11, November 2002
Alex Aiken , Jeffrey S. Foster , John Kodumal , Tachio Terauchi, Checking and inferring local non-aliasing, ACM SIGPLAN Notices, v.38 n.5, May 2003
Jens Palsberg, Type-based analysis and applications, Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.20-27, June 2001, Snowbird, Utah, United States
Chandrasekhar Boyapati , Barbara Liskov , Liuba Shrira, Ownership types for object encapsulation, ACM SIGPLAN Notices, v.38 n.1, p.213-223, January 2003
Sara Porat , Marina Biberstein , Larry Koved , Bilha Mendelson, Automatic detection of immutable fields in Java, Proceedings of the 2000 conference of the Centre for Advanced Studies on Collaborative research, p.10, November 13-16, 2000, Mississauga, Ontario, Canada
Alex Potanin , James Noble , Robert Biddle, Generic ownership: practical ownership control in programming languages, Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, October 24-28, 2004, Vancouver, BC, CANADA
Jonathan Aldrich , Valentin Kostadinov , Craig Chambers, Alias annotations for program understanding, ACM SIGPLAN Notices, v.37 n.11, November 2002
Yi Lu , John Potter, Protecting representation with effect encapsulation, ACM SIGPLAN Notices, v.41 n.1, p.359-371, January 2006
Neel Krishnaswami , Jonathan Aldrich, Permission-based ownership: encapsulating state in higher-order typed languages, ACM SIGPLAN Notices, v.40 n.6, June 2005
Chris Andreae , James Noble , Shane Markstrum , Todd Millstein, A framework for implementing pluggable type systems, ACM SIGPLAN Notices, v.41 n.10, October 2006
Tal Cohen , Joseph (Yossi) Gil , Itay Maman, JTL: the Java tools language, ACM SIGPLAN Notices, v.41 n.10, October 2006
Peter Müller , Arnd Poetzsch-Heffter , Gary T. Leavens, Modular invariants for layered object structures, Science of Computer Programming, v.62 n.3, p.253-286, 15 October 2006
Ben L. Titzer, Virgil: objects on the head of a pin, ACM SIGPLAN Notices, v.41 n.10, October 2006
Gregory Kulczycki , Jyotindra Vasudeo, Simplifying reasoning about objects with Tako, Proceedings of the 2006 conference on Specification and verification of component-based systems, November 10-11, 2006, Portland, Oregon
Marwan Abi-Antoun , Jonathan Aldrich , Wesley Coelho, A case study in re-engineering to enforce architectural control flow and data sharing, Journal of Systems and Software, v.80 n.2, p.240-264, February, 2007
Brian Chin , Daniel Marino , Shane Markstrum , Todd Millstein, Enforcing and validating user-defined programming disciplines, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.85-86, June 13-14, 2007, San Diego, California, USA
Ciarán Bryce , Jan Vitek, The JavaSeal Mobile Agent Kernel, Autonomous Agents and Multi-Agent Systems, v.4 n.4, p.359-384, December 2001
Christian Grothoff , Jens Palsberg , Jan Vitek, Encapsulating objects with confined types, ACM Transactions on Programming Languages and Systems (TOPLAS), v.29 n.6, p.32-es, October 2007
Nicholas R. Cameron , Sophia Drossopoulou , James Noble , Matthew J. Smith, Multiple ownership, ACM SIGPLAN Notices, v.42 n.10, October 2007
Tian Zhao , Jason Baker , James Hunt , James Noble , Jan Vitek, Implicit ownership types for memory management, Science of Computer Programming, v.71 n.3, p.213-241, May, 2008
Florian T. Schneider , Vijay Menon , Tatiana Shpeisman , Ali-Reza Adl-Tabatabai, Dynamic optimization for efficient strong atomicity, ACM SIGPLAN Notices, v.43 n.10, September 2008
Marwan Abi-Antoun , Jonathan Aldrich, Static extraction of sound hierarchical runtime object graphs, Proceedings of the 4th international workshop on Types in language design and implementation, January 24-24, 2009, Savannah, GA, USA
Marwan Abi-Antoun , Jonathan Aldrich, A field study in static extraction of runtime architectures, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia

INDEX TERMS

Primary Classification:
  F. Theory of Computation
  F.3 LOGICS AND MEANINGS OF PROGRAMS

Additional Classification:
  D. Software
  D.3 PROGRAMMING LANGUAGES
      D.3.2 Language Classifications
          Subjects: Object-oriented languages

  E. Data

  F. Theory of Computation
  F.4 MATHEMATICAL LOGIC AND FORMAL LANGUAGES

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS


General Terms:
Design, Languages, Measurement, Performance, Reliability, Security, Theory

Collaborative Colleagues:
Jan Vitek: colleagues
Boris Bokowski: colleagues
This Article has also been published in:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player