Commands
Search pubs
Quick search by ...
|
Verifiable Functional Purity in JavaMatthew Finifter, Adrian Mettler, Naveen Sastry, David Wagner
Citation
Matthew Finifter, Adrian Mettler, Naveen Sastry, David Wagner. "Verifiable Functional Purity in Java". Talk or presentation, 12, November, 2008.
Abstract
Proving that particular methods within a code base are functionally pure—deterministic and side-effect free—would aid verification of security properties including function invertibility, reproducibility of computation, and safety of untrusted code execution. Until now it has not been possible to automatically prove a method is functionally pure within a high-level imperative language in wide use, such as Java. We discuss a technique to prove that methods are functionally pure by writing programs in a subset of Java called Joe-E; a static verifier ensures that programs fall within the subset. In Joe-E, pure methods can be trivially recognized from their method signature.
To demonstrate the practicality of our approach, we refactor an AES library, an experimental voting machine implementation, and an HTML parser to use our techniques. We prove that their top-level methods are verifiably pure and show how this provides high-level security guarantees about these routines. Our approach to verifiable purity is an attractive way to permit functional-style reasoning about security properties while leveraging the familiarity, convenience, and legacy code of imperative languages.
Electronic downloads
- HTML
Matthew Finifter, Adrian Mettler, Naveen Sastry, David
Wagner. <a
href="http://www.truststc.org/pubs/494.html"
><i>Verifiable Functional Purity in
Java</i></a>, Talk or presentation, 12,
November, 2008.
- Plain text
Matthew Finifter, Adrian Mettler, Naveen Sastry, David
Wagner. "Verifiable Functional Purity in Java".
Talk or presentation, 12, November, 2008.
- BibTeX
@presentation{FinifterMettlerSastryWagner08_VerifiableFunctionalPurityInJava,
author = {Matthew Finifter and Adrian Mettler and Naveen
Sastry and David Wagner},
title = {Verifiable Functional Purity in Java},
day = {12},
month = {November},
year = {2008},
abstract = {Proving that particular methods within a code base
are functionally pure—deterministic and
side-effect free—would aid verification of
security properties including function
invertibility, reproducibility of computation, and
safety of untrusted code execution. Until now it
has not been possible to automatically prove a
method is functionally pure within a high-level
imperative language in wide use, such as Java. We
discuss a technique to prove that methods are
functionally pure by writing programs in a subset
of Java called Joe-E; a static verifier ensures
that programs fall within the subset. In Joe-E,
pure methods can be trivially recognized from
their method signature. To demonstrate the
practicality of our approach, we refactor an AES
library, an experimental voting machine
implementation, and an HTML parser to use our
techniques. We prove that their top-level methods
are verifiably pure and show how this provides
high-level security guarantees about these
routines. Our approach to verifiable purity is an
attractive way to permit functional-style
reasoning about security properties while
leveraging the familiarity, convenience, and
legacy code of imperative languages. },
URL = {http://www.truststc.org/pubs/494.html}
}
Posted by Jessica Gamble on 23 Jan 2009.
For additional information, see the
Publications FAQ or
contact webmaster at www truststc org..
Notice:
This material is presented to ensure timely dissemination of scholarly
and technical work. Copyright and all rights therein are retained by
authors or by other copyright holders. All persons copying this
information are expected to adhere to the terms and constraints
invoked by each author's copyright.
|
