
Secure the Clones - Static Enforcement of Policies for Secure Object Copying

Thomas Jensen, Florent Kirchner, David Pichardie
CELTIQUE - Software certification with semantic analysis, Inria Rennes – Bretagne Atlantique, IRISA-D4 - Langage et Génie Logiciel
Abstract : Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible to an attacker: any reference the untrusted code retains is a channel through which it can later change the object's state. Consequently, secure programming guidelines for Java stress the importance of defensive copying before accepting or handing out references to an internal mutable object. However, the implementation of a copy method (such as clone()) is left entirely to the programmer. It may not provide a sufficiently deep copy of an object (a shallow copy still shares the mutable fields) and it is subject to overriding by a malicious subclass, which can return a copy to which it keeps an alias. Currently no language-based mechanism supports secure object cloning. This paper proposes a type-based annotation system for defining modular copy policies for class-based object-oriented programs. A copy policy specifies the maximal sharing allowed between an object and its clone. We present a static enforcement mechanism that guarantees that all classes fulfil their copy policy, even in the presence of overriding of copy methods, and we establish the semantic correctness of the overall approach in Coq. The mechanism has been implemented and experimentally evaluated on clone methods from several Java libraries.
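The two failure modes the abstract names, a clone that is not deep enough and a clone() overridden by an untrusted subclass, shown side by side with the defensive-copying idiom that closes both. This is an added example, not code from the paper or its evaluation corpus; the class names (Account, EvilAccount, Bank, SafeAccount, SafeBank) and the "balances must not be shared" policy are illustrative assumptions.

```java
import java.util.Arrays;

// Added example (not the paper's code). All class and method names are
// hypothetical; the copy policy assumed throughout is "the copy shares no
// mutable state with the original", i.e. the balances array is never aliased.

class Account implements Cloneable {
    // Internal mutable state that must stay private to the owner.
    long[] balances;

    Account(long[] initial) {
        // Defensive copy on the way in: the caller keeps no alias to our array.
        this.balances = initial.clone();
    }

    // Failure mode 1: Object.clone() copies the field, not the array, so the
    // clone and the original share one balances array (insufficiently deep).
    @Override
    public Account clone() {
        try {
            return (Account) super.clone();
        } catch (CloneNotSupportedException e) {
            throw new AssertionError(e); // unreachable: Account is Cloneable
        }
    }
}

// Failure mode 2: an untrusted subclass overrides clone() and retains a
// reference to the copy that trusted code believes is private to it.
class EvilAccount extends Account {
    static Account leaked;

    EvilAccount(long[] initial) { super(initial); }

    @Override
    public Account clone() {
        Account copy = super.clone();
        leaked = copy;   // the "defensive copy" is now reachable by the attacker
        return copy;
    }
}

// Trusted consumer that follows the guideline (clone before storing) but
// relies on a clone() it does not control.
class Bank {
    private final Account stored;

    Bank(Account untrusted) { this.stored = untrusted.clone(); }

    long first() { return stored.balances[0]; }
}

// Hardened version: final class (no subclass can interpose on copying), a
// copy constructor instead of Cloneable (no super.clone() hook), and an
// explicit deep copy of every mutable field, which is exactly what a static
// check of the "no sharing" policy would have to verify.
final class SafeAccount {
    private final long[] balances;

    SafeAccount(long[] initial) { this.balances = initial.clone(); }

    SafeAccount(SafeAccount other) { this.balances = other.balances.clone(); }

    long first() { return balances[0]; }

    long[] balances() { return balances.clone(); } // defensive copy on the way out
}

class SafeBank {
    private final SafeAccount stored;

    SafeBank(SafeAccount untrusted) { this.stored = new SafeAccount(untrusted); }

    long first() { return stored.first(); }
}

public class CloneDemo {
    public static void main(String[] args) {
        // 1. Shallow clone: mutating the clone mutates the original.
        Account a = new Account(new long[]{100, 200});
        Account c = a.clone();
        c.balances[0] = 0;
        System.out.println("original after clone mutation: " + Arrays.toString(a.balances));

        // 2. Overridden clone(): the bank's private copy is changed from outside.
        Bank bank = new Bank(new EvilAccount(new long[]{100}));
        EvilAccount.leaked.balances[0] = 999;
        System.out.println("bank sees: " + bank.first());

        // 3. Hardened: no alias survives either on the way in or on the way out.
        long[] seed = {100};
        SafeBank safe = new SafeBank(new SafeAccount(seed));
        seed[0] = 999;
        safe.stored_unused_marker();
    }
}
```

In the shallow-clone case the printed array shows the original's first balance changed to 0, and in the override case the bank reads 999 although it never handed out its copy; the SafeAccount variant defeats both because there is no clone() to override and every mutable field is copied explicitly. A static copy-policy checker of the kind the paper describes would flag Account.clone() (the balances field is shared) and would reject the EvilAccount override as violating the policy inherited from Account.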
Document type :
Conference papers

Submitted on : Wednesday, January 28, 2015 - 11:41:54 PM
Last modification on : Thursday, January 20, 2022 - 4:20:18 PM
Long-term archiving on : Wednesday, April 29, 2015 - 11:47:12 AM


  • HAL Id : hal-01110817, version 1


Thomas Jensen, Florent Kirchner, David Pichardie. Secure the Clones - Static Enforcement of Policies for Secure Object Copying. ESOP 2011, 2011, Saarbrucken, Germany. ⟨hal-01110817⟩


