Reasoning about Data Abstractions - PowerPoint PPT Presentation

Slides: 18
Provided by: David77
Transcript and Presenter's Notes



1
CS205: Engineering Software, University of Virginia, Fall 2006
Security in Java: Real or Decaf?
(Duke suicide picture by Gary McGraw.)
2
Project
  • Last problem set / final report is due the last day
    of class
  • Teams of 2-5: send me team requests before 11am
    Friday

3
Project Ideas
  • Due next Wednesday
  • For now, no suggestions: you can do anything you
    want, as long as it
      • Is small enough to finish by Dec 4
      • Is complex enough that a successful project will
        demonstrate understanding of and ability to apply
        key concepts in CS205
  • If you are really stuck...

4
Buzzword Description
from Class 2...
  • "A simple, object-oriented, distributed,
    interpreted, robust, secure, architecture
    neutral, portable, high-performance,
    multithreaded, and dynamic language."
    (Sun95)

5
What is a secure programming language?
  1. Language is designed so it cannot express certain
    computations considered insecure.
  2. Language is designed so that (accidental) program
    bugs are likely to be caught by the compiler or
    run-time environment instead of leading to
    security vulnerabilities.

A few attempt to do this: PLAN, packet filters
6
Safe Programming Languages
  • Type Safety
      • Compiler and run-time environment ensure that
        bits are treated as the type they represent
  • Memory Safety
      • Compiler and run-time environment ensure that
        program cannot access memory outside defined
        storage
  • Control Flow Safety
      • Can't jump to arbitrary addresses

Is Java the first language to have them?
No way! LISP had them all in 1960.
7
Java Safety
  • Type Safety
      • Most types checked statically
      • Coercions, array assignments type checked at run
        time
  • Memory Safety
      • No direct memory access (e.g., pointers)
      • Primitive array type with mandatory run-time
        bounds checking
  • Control Flow Safety
      • Structured control flow, no arbitrary jumps

8
Malicious Code
  • Can a safe programming language protect you from
    malcode?
      • Code your servers in it to protect from buffer
        overflow bugs
      • Only allow programs from untrustworthy origins to
        run if they are programmed in the safe language

9
Safe Languages?
  • But how can you tell a program was written in the
    safe language?
      • Get the source code and compile it (most vendors,
        and all malicious attackers, refuse to provide
        source code)
      • Special compilation service cryptographically
        signs object files generated from the safe
        language (SPIN, Bershad96)
      • Verify object files preserve safety properties of
        source language (Java)

10
JVML
malcode.java (Java Source Code) --[javac Compiler]--> malcode.class (JVML Object Code) --> JavaVM
Alice wants to know the JVML code satisfies Java's
safety properties.
11
Does JVML satisfy Java's safety properties?
No; we'll learn some about JVML later...
12
Bytecode Verifier
malcode.class (JVML Object Code) --> Java Bytecode Verifier --> Invalid: STOP / Okay: JavaVM
13
Bytecode Verifier
  • Checks class file is formatted correctly
  • Checks JVML code satisfies safety properties
  • Simulates program execution to know types are
    correct, but doesn't need to examine any
    instruction more than once

14
Verifying Safety Properties
  • Type safe
      • Stack and variable slots must store and load as
        same type
  • Memory safe
      • Must not attempt to pop more values from stack
        than are on it
      • Doesn't access private fields and methods outside
        class implementation
  • Control flow safe
      • Jumps must be to valid addresses within function,
        or call/return

15
Running Mistyped Code
    > java Simple
    Exception in thread "main" java.lang.VerifyError: (class: Simple, method: main
    signature: ([Ljava/lang/String;)V) Register 0 contains wrong type
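As an added illustration of slides 13 to 15 (this is not code from the slides): a toy verifier in Python that, like the real one, simulates execution over types rather than values, analysing each pc once. The instruction subset (iconst, aconst_null, istore/iload, astore/aload, goto, ifeq, ireturn, return) and the two-type universe ("int", "ref") are assumptions made for the example; it rejects stack underflow, mistyped registers, disagreeing states at join points and jumps outside the method.

```python
class VerifyError(Exception):
    """Abstract execution found a violation (toy analogue of java.lang.VerifyError)."""
def _pop(stack, want, pc):
    """Pop one operand: it must exist (memory safety) and have the expected type (type safety)."""
    if not stack or stack[-1] != want:
        raise VerifyError(f"pc {pc}: wanted {want}, found {stack[-1] if stack else 'empty stack'}")
    return stack[:-1]

def _step(instr, stack, locs, pc):
    """Execute one instruction over types only; return its (next_pc, stack, locals) successors."""
    (op, *args), nxt = instr, pc + 1
    if op in ("iconst", "aconst_null"):
        return [(nxt, stack + ("int" if op == "iconst" else "ref",), locs)]
    if op in ("istore", "astore", "iload", "aload"):    # register (local variable slot) access
        n, want = args[0], ("int" if op[0] == "i" else "ref")
        if not 0 <= n < len(locs) or (op.endswith("load") and locs[n] != want):
            raise VerifyError(f"pc {pc}: register {n} absent or contains wrong type")
        if op.endswith("store"):
            return [(nxt, _pop(stack, want, pc), locs[:n] + (want,) + locs[n + 1:])]
        return [(nxt, stack + (want,), locs)]
    if op in ("goto", "ifeq"):                           # ifeq pops its int and has two successors
        s = stack if op == "goto" else _pop(stack, "int", pc)
        return [(args[0], s, locs)] + ([(nxt, s, locs)] if op == "ifeq" else [])
    if op == "ireturn":
        _pop(stack, "int", pc)
    if op in ("ireturn", "return"):
        return []
    raise VerifyError(f"pc {pc}: unknown opcode {op}")

def verify(code, nlocals, arg_types=()):
    """Data-flow pass over one method: None means it verifies, else the VerifyError message."""
    seen = {0: ((), tuple(arg_types) + (None,) * (nlocals - len(arg_types)))}
    work = [0]                                           # every pc is queued (and analysed) once
    try:
        while work:
            pc = work.pop()
            for npc, st, lc in _step(code[pc], *seen[pc], pc):
                if not 0 <= npc < len(code):            # control-flow safety
                    raise VerifyError(f"pc {pc}: jump to invalid address {npc}")
                if npc not in seen:
                    seen[npc] = (st, lc)
                    work.append(npc)
                elif seen[npc] != (st, lc):              # join point: a real verifier merges types
                    raise VerifyError(f"pc {npc}: inconsistent state at merge point")
    except VerifyError as e:
        return str(e)
    return None
# Constructed samples for main(String[]): register 0 holds the args array (type "ref").
GOOD = [("iconst", 1), ("ifeq", 4), ("iconst", 2), ("goto", 5), ("iconst", 3), ("istore", 1), ("return",)]
BAD = [("iload", 0), ("ireturn",)]   # reads the String[] in register 0 as an int, as on the slide
```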
16
Java
malcode.java --[javac Compiler]--> malcode.class (JVML) --> Trusted Computing Base: Java Bytecode Verifier --> Invalid: STOP / Okay: JavaVM
17
Charge
  • Next classes: understanding byte codes and the
    byte code verifier
  • Start thinking about project ideas and teams
  • Send team requests by email before 11am Friday