Beta 1

Title Specification of Security Properties by JML
Author Dulaj, Ilir
Supervisor Baumeister, Hubert (Software Engineering, Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2010
Abstract Nowadays, verification of programs is gaining increased importance. The software industry appears more and more interested in methods and tools to ensure security in their applications. Java Modeling Language has been successfully used in the past by programmers to express their intentions in the Design by Contract fashion in sequential programming. One of the design goals of JML was to improve the functional software correctness of Java applications. Regarding the verification of security properties, JML was mostly successful in Java Smart Card applets due to the specifics of these applications. In this thesis work we investigate the feasibility of JML to express high-level security properties in Java applications that have more realistic requirements and are implemented in the object oriented technology. We do a threat analysis of a case study regarding a medical clinic and derive the required security properties to secure the application. We develop a prototype application where we specify high-level security properties with JML and use a runtime assertion checking tool to verify the code. We model the functional behavior of the prototype that establishes the security properties as a finite state automaton. Our prototype is developed based on this automaton. States and state transitions modeled in the automaton are expressed in the prototype with JML annotations and verified during runtime. We observe that currently available features in JML are not very feasible to capture the security related behavior of Java programs on the level of the entire application.
Imprint Technical University of Denmark (DTU) : Kgs. Lyngby, Denmark
Series IMM-M.Sc.-2010-51
Original PDF ep10_51.pdf (1.78 MB)
Admin Creation date: 2010-07-09    Update date: 2010-07-09    Source: dtu    ID: 264989    Original MXD