Verifiable functional purity in java

Proceedings of the 15th ACM conference on Computer and communications security Pub Date : 2008-10-27 DOI:10.1145/1455770.1455793

Matthew Finifter, A. Mettler, N. Sastry, D. Wagner

{"title":"Verifiable functional purity in java","authors":"Matthew Finifter, A. Mettler, N. Sastry, D. Wagner","doi":"10.1145/1455770.1455793","DOIUrl":null,"url":null,"abstract":"Proving that particular methods within a code base are functionally pure--deterministic and side-effect free--would aid verification of security properties including function invertibility, reproducibility of computation, and safety of untrusted code execution. Until now it has not been possible to automatically prove a method is functionally pure within a high-level imperative language in wide use, such as Java. We discuss a technique to prove that methods are functionally pure by writing programs in a subset of Java called Joe-E; a static verifier ensures that programs fall within the subset. In Joe-E, pure methods can be trivially recognized from their method signature. To demonstrate the practicality of our approach, we refactor an AES library, an experimental voting machine implementation, and an HTML parser to use our techniques. We prove that their top-level methods are verifiably pure and show how this provides high-level security guarantees about these routines. Our approach to verifiable purity is an attractive way to permit functional-style reasoning about security properties while leveraging the familiarity, convenience, and legacy code of imperative languages.","PeriodicalId":440730,"journal":{"name":"Proceedings of the 15th ACM conference on Computer and communications security","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"54","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 15th ACM conference on Computer and communications security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1455770.1455793","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 54

Abstract

Proving that particular methods within a code base are functionally pure--deterministic and side-effect free--would aid verification of security properties including function invertibility, reproducibility of computation, and safety of untrusted code execution. Until now it has not been possible to automatically prove a method is functionally pure within a high-level imperative language in wide use, such as Java. We discuss a technique to prove that methods are functionally pure by writing programs in a subset of Java called Joe-E; a static verifier ensures that programs fall within the subset. In Joe-E, pure methods can be trivially recognized from their method signature. To demonstrate the practicality of our approach, we refactor an AES library, an experimental voting machine implementation, and an HTML parser to use our techniques. We prove that their top-level methods are verifiably pure and show how this provides high-level security guarantees about these routines. Our approach to verifiable purity is an attractive way to permit functional-style reasoning about security properties while leveraging the familiarity, convenience, and legacy code of imperative languages.

查看原文本刊更多论文

java中可验证的函数纯度

证明代码库中的特定方法在功能上是纯的——确定性的和无副作用的——将有助于验证安全性属性，包括函数可逆性、计算的可再现性和不受信任的代码执行的安全性。到目前为止，还不可能在广泛使用的高级命令式语言(如Java)中自动证明方法在功能上是纯的。我们讨论了一种技术，通过在Java的一个称为Joe-E的子集中编写程序来证明方法在功能上是纯的;静态验证器确保程序属于子集。在Joe-E中，纯方法可以从方法签名中简单地识别出来。为了演示我们方法的实用性，我们重构了一个AES库、一个实验性投票机实现和一个HTML解析器来使用我们的技术。我们证明了它们的顶级方法是可验证的纯方法，并展示了这如何为这些例程提供高级安全保证。我们的可验证纯粹性方法是一种很有吸引力的方法，它允许对安全属性进行函数式的推理，同时利用命令式语言的熟悉性、便利性和遗留代码。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 15th ACM conference on Computer and communications security

自引率

0.00%

发文量