Accession Number:

ADA402606

Title:

Composability, Provability, Reusability (CPR) for Survivability

Descriptive Note:

Final rept. Oct 1996-Dec 1999

Corporate Author:

KESTREL INST PALO ALTO CA

Personal Author(s):

Report Date:

2002-04-01

Pagination or Media Count:

9.0

Abstract:

The goal of this effort, Composability, Provability, Reusability (CPR) for Survivability, is to address the problem of composition of survivable systems. The particular objective of this project is to construct a formal specification of the Java Virtual Machine (JVM) bytecode loader and verifier, and from that specification formally derive a provably-correct implementation. The specification and program development are being carried out using Kestrel's Specware system. The security of Java applications depends on type safety and related properties enforced by bytecode verification. Serious Java security flaws have been traced to errors in Sun's Java bytecode verifier and loader. A formal specification will serve as a reference document for the construction of new JVM implementations for just-in-time compilers, web browsers, smart cards, etc. The desired safety and security properties of the verifier will be proved as putative properties of the formal specification. The formally-derived implementation can be used as a test oracle to test other implementations, or may be incorporated directly into a JVM implementation.

Subject Categories:

  • Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE