Objective

Static analysis of programs is a proven technology in the implementation of compilers and interpreters. Recent years have begun to see application of static analysis techniques in novel areas such as software validation (for example Ariane V) and software re-engineering (for example the Y2K problem). This project will demonstrate that static analysis technology facilitates the validation of systems based on the Internet and on smart cards.

OBJECTIVES

The objective of the project is to assess the scalability of static analysis technology to the validation of security and safety aspects of realistic languages and applications. We have identified two domains where security is all-important: smart cards and Internet programming. We intend to develop methods that apply to both domains by focussing a substantial part of our efforts on the Java programming language and its dialect Java Card, treating source-level as well as bytecode-level applications.

DESCRIPTION OF WORK

The project has 4 main tasks:

1. Specification of Security Properties: The objective of this task is to determine the most appropriate way of expressing the dynamic properties of interest for security and safety. We have some experience of using a linear-time temporal logic over program traces for expressing a variety of security properties. This task is an investigation of the scalability and extension of these techniques to realistic case studies.

2. Static Analysis: The focal point of the project is the development of analyses that, on the one hand, provide useful information for the security and safety of systems and, on the other hand, are able to deal with large programs that are subsequently modified. A number of promising approaches exist for developing suitable analyses with varying degrees of precision and cost, e.g. Type and Effect Systems and Flow Logics. Aspects of analysis techniques that are important are modularity and the expressibility of control flow analysis.

3. Algorithms and Tools: The implementation of static analyses eventually boils down to constraint solving. We will aim at adapting general tools that are already available rather than developing new tools ad hoc. As we extend our analysis techniques to cope with larger languages, we may also need to extend the state of the art in constraint solving.

4. Semantics: This task has two sub-parts: modularising semantic specifications and correctness proofs; and semantic specification of security-specific aspects of Java and Java Card. Key technical challenges involve developing good semantic accounts of visibility modifiers and shareable interfaces.

We have defined an abstraction of the Java Card Virtual Machine (JCVM) language, called Carmel, which simplifies analysis and semantics issues while retaining all the expressive power and features of Java Card. We have defined a comprehensive operational semantics for Carmel that addresses not only the virtual machine but also issues related to the Java Card Runtime Environment (JCRE) and Application Programming Interface (JCAPI). We have developed an automatic translator from Java Card to Carmel. It ensures that any tool operating on Carmel applications can also be applied to Java Card applications. We have identified a number of security properties that are typically of interest for applications in the banking area.

We have specified and implemented a demonstrative Java Card application to exercise our prototypes. This application (called Demoney) is an electronic purse. Although very basic, it is a realistic representative of similar applications in the banking area as far as program analysis issues are concerned. We have shown that flow logic provides a versatile specification language for formalising security properties. We have also shown how Linear Temporal Logic can be used to validate service control properties based on stack inspection. We have proven our flow logic analysis correct with respect to the semantics. We have developed an approach to modular analyses. We have also extended the Succinct Solver to support dynamic universes; this allows partial solutions to be extended when new queries are added. We have developed a new quantitative approach to security analysis which replaces the classical notion of safety (used in program analysis) by "closeness"; this allows us to measure how vulnerable a system might be. We have shown how the hardest attacker approach can be used to detect reference leaks. We have produced a prototype which integrates some of the analyses that we have specified.
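The two ideas above that a practitioner can try out directly are expressing security properties in a linear-time temporal logic over program traces (task 1) and validating service control properties that depend on stack inspection. The following is an added illustration written for this page, not the project's own tool, logic or Demoney code: a small finite-trace LTL checker in Python, applied to constructed execution traces of a hypothetical electronic-purse applet. The event shape (operation name, success flag, simplified call stack), the frame name PurseApplet.process and the sample traces are all assumptions made for the example. Two properties are checked: a debit must be preceded by a fresh successful PIN verification (a failed verification re-arms the guard), and a debit may only run when a trusted frame is on the call stack, which is what a stack-inspection check would enforce at run time.

```python
"""Finite-trace LTL checker for purse-applet security properties (constructed example)."""
from dataclasses import dataclass
from typing import Callable, Dict, Sequence, Tuple


@dataclass(frozen=True)
class Event:
    op: str                      # operation name, e.g. "verify_pin", "debit"
    ok: bool = True              # whether the operation succeeded
    stack: Tuple[str, ...] = ()  # simplified call stack (outermost frame first)


Trace = Sequence[Event]
# A formula is evaluated at position i of a finite trace (suffix semantics).
Formula = Callable[[Trace, int], bool]


def atom(pred: Callable[[Event], bool]) -> Formula:
    return lambda tr, i: i < len(tr) and pred(tr[i])


def not_(f: Formula) -> Formula:
    return lambda tr, i: not f(tr, i)


def and_(f: Formula, g: Formula) -> Formula:
    return lambda tr, i: f(tr, i) and g(tr, i)


def implies(f: Formula, g: Formula) -> Formula:
    return lambda tr, i: (not f(tr, i)) or g(tr, i)


def always(f: Formula) -> Formula:
    return lambda tr, i: all(f(tr, j) for j in range(i, len(tr)))


def eventually(f: Formula) -> Formula:
    return lambda tr, i: any(f(tr, j) for j in range(i, len(tr)))


def until(f: Formula, g: Formula) -> Formula:
    # f U g: g holds at some j >= i and f holds at every position from i up to j-1.
    def ev(tr: Trace, i: int) -> bool:
        for j in range(i, len(tr)):
            if g(tr, j):
                return True
            if not f(tr, j):
                return False
        return False
    return ev


def weak_until(f: Formula, g: Formula) -> Formula:
    # f W g: as until, but also satisfied when f holds for the whole (finite) remainder.
    return lambda tr, i: until(f, g)(tr, i) or always(f)(tr, i)


def holds(f: Formula, tr: Trace) -> bool:
    return f(tr, 0)


def first_violation(f: Formula, tr: Trace) -> int:
    """Index of the first position where f fails, or -1; handy for always-style properties."""
    for i in range(len(tr)):
        if not f(tr, i):
            return i
    return -1


# --- atoms over purse events (assumed operation names) ---
def is_op(name: str, ok=None) -> Formula:
    return atom(lambda e: e.op == name and (ok is None or e.ok == ok))


pin_ok = is_op("verify_pin", ok=True)
pin_fail = is_op("verify_pin", ok=False)
debit = is_op("debit")
TRUSTED_FRAME = "PurseApplet.process"   # hypothetical trusted caller frame


def no_debit_without_fresh_pin() -> Formula:
    # Service-control property: no debit until a successful PIN check, and after any
    # failed PIN check the guard applies again until the next successful one.
    guard = weak_until(not_(debit), pin_ok)
    return and_(guard, always(implies(pin_fail, guard)))


def debit_only_from_trusted_stack() -> Formula:
    # Stack-inspection property: every debit runs with the trusted frame on the stack.
    on_trusted = atom(lambda e: TRUSTED_FRAME in e.stack)
    return always(implies(debit, on_trusted))


def check_purse_trace(tr: Trace) -> Dict[str, bool]:
    return {
        "fresh_pin_before_debit": holds(no_debit_without_fresh_pin(), tr),
        "debit_from_trusted_stack": holds(debit_only_from_trusted_stack(), tr),
    }


# --- constructed sample traces ---
def ev(op: str, ok: bool = True, stack: Tuple[str, ...] = (TRUSTED_FRAME,)) -> Event:
    return Event(op, ok, tuple(stack))


TRACE_GOOD = [ev("select"), ev("verify_pin"), ev("debit"), ev("get_balance")]
# A failed PIN entry after a good one must block the following debit.
TRACE_STALE_PIN = [ev("select"), ev("verify_pin"), ev("verify_pin", ok=False), ev("debit")]
# A debit reached through another applet's frame (e.g. via a shareable interface).
TRACE_SHARED = [ev("select"), ev("verify_pin"),
                ev("debit", stack=("LoyaltyApplet.process", "Purse.debit"))]

if __name__ == "__main__":
    for name, tr in [("good", TRACE_GOOD), ("stale_pin", TRACE_STALE_PIN), ("shared", TRACE_SHARED)]:
        print(name, check_purse_trace(tr))
```

The checker evaluates properties on finite, recorded traces, so it acts as a test oracle for the specification rather than as the project's static analysis, which must decide the same properties over all possible traces of a program. The `first_violation` helper reports the position at which an always-property is first broken, which is usually the first thing one wants when a trace fails.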
Scientific field
natural sciences > computer and information sciences > software
natural sciences > computer and information sciences > internet

Programme(s)
FP5-IST - Programme for research, technological development and demonstration on a "User-friendly information society, 1998-2002"

Topic(s)
1.1.2.-6.1.1 - FET O: Open domain

Call for proposal
Data not available

Funding scheme
CSC - Cost-sharing contracts

Coordinator
IMPERIAL COLLEGE OF SCIENCE, TECHNOLOGY AND MEDICINE
EU contribution: No data
Address: SOUTH KENSINGTON CAMPUS, SW7 2AZ LONDON, United Kingdom
Total cost: No data

Participants (3)

DANMARKS TEKNISKE UNIVERSITET, Denmark
EU contribution: No data
Address: ANKER ENGELUNDSVEJ 1, BYGNING 101A, 2800 KGS. LYNGBY
Total cost: No data

INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE, France
EU contribution: No data
Address: DOMAINE DE VOLUCEAU, 78153 LE CHESNAY
Total cost: No data

TRUSTED LOGIC, France
EU contribution: No data
Address: 5, RUE DU BAILLIAGE, 78000 VERSAILLES
Total cost: No data