Towards Model Checking Security of Real Time Java Software

2018 International Conference on High Performance Computing & Simulation (HPCS) Pub Date : 2018-07-01 DOI:10.1109/HPCS.2018.00106

L. Spalazzi, Francesco Spegni, Giovanni Liva, M. Pinzger

{"title":"Towards Model Checking Security of Real Time Java Software","authors":"L. Spalazzi, Francesco Spegni, Giovanni Liva, M. Pinzger","doi":"10.1109/HPCS.2018.00106","DOIUrl":null,"url":null,"abstract":"More and more software libraries and applications in high-performance computing and distributed systems are coded using the Java programming language. The correctness of such pieces of code w.r.t. a given set of security policies often depends on the correct handling of timing between concurrent or recurrent events. Model-checking has proven to be an effective tool for verifying the correctness of software. In spite of the growing importance of this application area of formal methods, though, no approach exists that targets the problem of verifying the correctness of real-time software w.r.t. timed specifications. The few existing works focus on very different problems, such as schedulability analysis of Java tasks. In this paper we present an approach combining rule-based static analysis together with symbolic execution of Java code to extract networks of timed automata from existing software and then use Uppaal to model-check them against timed specifications. We show through a real-world case study that this approach can be helpful in model-checking security policies of real-time Java software.","PeriodicalId":308138,"journal":{"name":"2018 International Conference on High Performance Computing & Simulation (HPCS)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on High Performance Computing & Simulation (HPCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HPCS.2018.00106","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

More and more software libraries and applications in high-performance computing and distributed systems are coded using the Java programming language. The correctness of such pieces of code w.r.t. a given set of security policies often depends on the correct handling of timing between concurrent or recurrent events. Model-checking has proven to be an effective tool for verifying the correctness of software. In spite of the growing importance of this application area of formal methods, though, no approach exists that targets the problem of verifying the correctness of real-time software w.r.t. timed specifications. The few existing works focus on very different problems, such as schedulability analysis of Java tasks. In this paper we present an approach combining rule-based static analysis together with symbolic execution of Java code to extract networks of timed automata from existing software and then use Uppaal to model-check them against timed specifications. We show through a real-world case study that this approach can be helpful in model-checking security policies of real-time Java software.

查看原文本刊更多论文

实时Java软件安全性模型检测研究

在高性能计算和分布式系统中，越来越多的软件库和应用程序使用Java编程语言进行编码。在给定的安全策略集之外，这些代码片段的正确性通常取决于对并发事件或循环事件之间时间的正确处理。模型检查已被证明是验证软件正确性的有效工具。尽管形式化方法的应用领域越来越重要，但是，目前还没有一种方法能够针对实时软件的正确性进行验证。为数不多的现有著作关注的是非常不同的问题，比如Java任务的可调度性分析。在本文中，我们提出了一种将基于规则的静态分析与Java代码的符号执行相结合的方法，从现有软件中提取时间自动机网络，然后使用Uppaal根据时间规范对它们进行模型检查。我们通过一个实际案例研究表明，这种方法有助于实时Java软件的模型检查安全策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 International Conference on High Performance Computing & Simulation (HPCS)

自引率

0.00%

发文量