Conference papers

Secure the Clones - Static Enforcement of Policies for Secure Object Copying

Thomas Jensen 1 Florent Kirchner 1 David Pichardie 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract: Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using defensive copying before accepting or handing out references to an internal mutable object. However, implementation of a copy method (like clone()) is entirely left to the programmer. It may not provide a sufficiently deep copy of an object and is subject to overriding by a malicious sub-class. Currently no language-based mechanism supports secure object cloning. This paper proposes a type-based annotation system for defining modular copy policies for class-based object-oriented programs. A copy policy specifies the maximally allowed sharing between an object and its clone. We present a static enforcement mechanism that will guarantee that all classes fulfill their copy policy, even in the presence of overriding of copy methods, and establish the semantic correctness of the overall approach in Coq. The mechanism has been implemented and experimentally evaluated on clone methods from several Java libraries.
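As an added illustration that is not taken from the paper, the two situations the abstract contrasts in Java: a clone() that leaves the clone sharing an internal mutable object with the original, and a final class that copies mutable state defensively in and out (the Ticket classes and the Date field are assumed for illustration).

```java
import java.util.Date;

// Added example, not the paper's code: shallow clone() versus defensive copying.
public class CloneDemo {

    // Shallow clone: Object.clone() copies the field, not the Date it points to,
    // so the original and its clone share one mutable 'expiry' object.
    static class ShallowTicket implements Cloneable {
        private Date expiry;
        ShallowTicket(Date expiry) { this.expiry = new Date(expiry.getTime()); }
        Date getExpiry() { return expiry; }                 // hands out the internal reference
        @Override public ShallowTicket clone() {
            try { return (ShallowTicket) super.clone(); }
            catch (CloneNotSupportedException e) { throw new AssertionError(e); }
        }
    }

    // Defensive copy: the class is final, so no subclass can override the copy
    // method; mutable state is copied on the way in and on the way out.
    static final class SafeTicket {
        private final Date expiry;
        SafeTicket(Date expiry) { this.expiry = new Date(expiry.getTime()); } // copy in
        Date getExpiry() { return new Date(expiry.getTime()); }              // copy out
        SafeTicket copy() { return new SafeTicket(expiry); }                  // copy constructor, not clone()
    }

    // Returns true when mutating the clone's Date also changed the original's.
    static boolean shallowCloneLeaksState() {
        ShallowTicket s = new ShallowTicket(new Date(1_000_000L));  // constructed sample value
        ShallowTicket sClone = s.clone();
        sClone.getExpiry().setTime(0L);                              // mutate through the clone
        return s.getExpiry().getTime() == 0L;                        // the original changed too
    }

    // Returns true when the original's Date survives mutation of the copy.
    static boolean defensiveCopyIsolatesState() {
        SafeTicket t = new SafeTicket(new Date(1_000_000L));         // constructed sample value
        SafeTicket tCopy = t.copy();
        tCopy.getExpiry().setTime(0L);                               // mutates only a throw-away Date
        return t.getExpiry().getTime() == 1_000_000L;
    }

    public static void main(String[] args) {
        System.out.println("shallow clone shares expiry with original: " + shallowCloneLeaksState());
        System.out.println("defensive copy keeps original isolated:   " + defensiveCopyIsolatesState());
    }
}
```

The copy policy the paper describes would make the sharing in ShallowTicket a statically detected violation, while SafeTicket satisfies a policy that allows no sharing of the expiry field.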
Document type:
Conference papers

Cited literature [13 references]

https://hal.inria.fr/hal-01110817
Contributor: David Pichardie
Submitted on: Wednesday, January 28, 2015 - 11:41:54 PM
Last modification on: Friday, July 10, 2020 - 4:16:28 PM
Long-term archiving on: Wednesday, April 29, 2015 - 11:47:12 AM

File

esop11.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: hal-01110817, version 1

Citation

Thomas Jensen, Florent Kirchner, David Pichardie. Secure the Clones - Static Enforcement of Policies for Secure Object Copying. ESOP 2011, 2011, Saarbrucken, Germany. ⟨hal-01110817⟩
