Secure Construction Methods for Extensible and Adaptable Software

• Project/Area Number: 12133207
• Research Category: Grant-in-Aid for Scientific Research on Priority Areas
• Allocation Type: Single-year Grants
• Review Section: Science and Engineering
• Research Institution: National Institute of Informatics (2002-2003); Tokyo Institute of Technology (2000-2001)
• Principal Investigator: WATANABE Takuo National Institute Informatics, Software Research Division, Associate Professor, ソフトウェア研究系, 助教授 (20222408)
• Co-Investigator(Kenkyū-buntansha): ISCHISUGI Yuuji National Institute of Advanced Inductrial Science and Technology, Technology Research Institute, Head Researcher, 情報処理研究部門, 主任研究員 (30356464) ; GONDOW Katsuhiko Japan Advanced Institute of Science and Technology, School of Information Science, Associate Professor, 情報科学研究科, 助教授 (50262283) ; AMANO Noriki Japan Advanced Institute of Science and Technology, School of Information Science, Research Associate, 情報科学研究科, 助手 (30313703) ; TANAKA Akira National Institute of Advanced Inductrial Science and Technology, Information Technology Research Institute, Researcher, 情報処理研究部門, 研究員 (10357452) ; SUZUKI Masato National Institute of Informatics, Foundations of Informatics Research Division, Associate Professor, 情報学基礎研究系, 助教授 (30242572)
• Project Period (FY): 2000 – 2003
• Project Status: Completed (Fiscal Year 2003)
• Budget Amount: ¥23,800,000 (Direct Cost: ¥23,800,000); Fiscal Year 2003: ¥6,300,000 (Direct Cost: ¥6,300,000); Fiscal Year 2002: ¥9,400,000 (Direct Cost: ¥9,400,000); Fiscal Year 2001: ¥8,100,000 (Direct Cost: ¥8,100,000)
• Keywords: policy enforcement / runtime checking / mobile code / dynamic adaptation / software composition / byte-code modification / object-oriented language / metalevel architecuture / セキュリティ / セキュリティポリシー / 自己反映計算 / JML / 形式仕様 / アスペクト / 契約による設計 / Java / 安全なソフトウェア / 拡張可能ソフトウェア / 適応可能ソフトウェア / ロード時自己反映

Research Abstract

We have investigated novel methods for constructing safe and secure software that exhibit extensibility and adaptability. Our research results are divided in the following three categories corresponding to three typical security/safety flaws of extensible/adaptable software. (1)We developed an efficient secure execution method for untrusted programs that is based on code modification and runtime policy examination. (2)We augmented our former works on the dynamically adaptable objects and built a class library that provides safe dynamic adaptation. (3)We also investigated secure composition methods for independently developed software modules and gained some successful results. Some of our research results and related outcomes are actually applied to the collaborative construction of AnZenMail.

Research Products

• [Publications] N.Amano, T.Watanabe: "An Approach for Constructing Component-based Software Systems with Dynamic Adaptability using LEAD++"Intl.Symp.on Principles of Software Evolution. 118-127 (2000)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] T.Watanabe, N.Amano: "A Secure Dynamic Extension Mechanism for Mobile Agents"AISB '01 Symp.on Software Mobility and Adaptive Behavior. 28-31 (2001)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Mobile Code Programs with Safe Dynamic Adaptability"AISB '01 Symp.on Software Mobility and Adaptive Behavior. 105-113 (2001)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Component-based Software Systems with Safe Dynamic Adaptability"Intl.Workshop on Principles of Software Evolution. 176-180 (2001)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "A Software Model for Flexible and Safe Adaptation for Mobile Code Programs"Intl.Workshop on Principles of Software Evolution. 57-61 (2002)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] E.Shibayama, S.Hagihara, N.Kobayashi, S.Nishizaki, K.Taura, T.Watanabe: "AnZenMail : A Secure and Certified E-mail System"Lecture Note in Computer Science (Software Security : Theories and Systems). 2609. 201-216 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] 一杉裕志, 田中哲, 渡部卓雄: "拡張ルール:安全に結合可能なアスペクトの記述ルール"日本ソフトウェア科学会プログラミングおよびプログラミング言語ワークショップ. 58-73 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] 一杉裕志, 田中哲, 渡部卓雄: "安全に結合可能なmixinを提供するためのルール"コンピュータソフトウェア. 20(3). 80-87 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Towards a Specification Scheme for Context-Aware Security Policies for Networked Appliances"IEEE Workshop on Software Technologies for Future Embedded Systems. 65-68 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "LampJ : A Library of Adaptable Modular Programming for Java"LASTED Intl.Conf.on Software Engineering and Applications. 213-218 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Specifying Context-Aware Runtime Security Policies using an Algebraic Policy Specification Language"IASTED Intl.Conf.on Software Engineering. 612-617 (2004)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] 永藤直行, 渡部卓雄: "移動コードのための機密性強制"日本ソフトウェア科学会ディペンダブルシステムワークショップ. 121-130 (2004)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "An Approach for Contructing Component-based Software Systems with Dynamic Adaptability using LEAD++"Intl. Symp. on Principles of Software Evolution. 118-127 (2000)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] T.Watanabe, N.Amano: "A Secure Dynamic Extension Mechanism for Mobile Agents"AISB '01 Symp. on Software Mobility and Adaptive Behavior. 28-31 (2001)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Mobile Code Programs with Safe Dynamic Adaptability"AISB '01 Symp. on Software Mobility and Adaptive Behavior. 105-113 (2001)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Component-based Software Systems with Safe Dynamic Adaptability"Intl. Workshop on Principles of Software Evolution. 176-180 (2001)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "A Software Model for Flexible and Safe Adaptation for Mobile Code Programs"Intl. Workshop on Principles of Software Evolution. 57-61 (2002)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] E.Shibayama, S.Hagihara, N.Kobayashi, S.Nishizaki, K.Taura, T.Watanabe: "AnZenMail : A Secure and Certified E-mail System"Software Security : Theories and Systems. Vol.2609. 201-216 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] Y.Ichisugi, A.Tanaka, T.Watanabe: "Extension Rules : Description Rules for Safely Composable Aspects (in Japanese)"JSSST Workshop on Programming and Programming Languages. 58-73 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] Y.Ichisugi, A.Tanaka, T.Watanabe: "Rules for Providing Safely Composable Mixins (in Japanese)"Computer Software. Vol.20 No.3. 80-87 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Towareds a Specification Scheme for Context-Aware Security Policies for Networked Appliances"IEEE Workshop on Software Technologies for Future Embedded Systems. 65-68 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "LampJ : A Library of Adaptable Modular Programming for Java"IASTED Intl. Conf. on Software Engineering and Applications. 213-218 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Specifying Context-A ware Runtime Security Policies using an Algebraic Policy Specification Language"IASTED Intl. Conf. on Software Engineering. 612-617 (2004)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Nagatou, T.Watanabe: "On Secrecy Enforcement for Mobile Code (in Japanese)"JSSST Workshop on Dependable Systems. 121-130 (2004)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] 一杉裕志(他2名): "安全に結合可能なmixinを提供するためのルール"コンピュータソフトウェア. 20巻3号. 80-87 (2003)
• [Publications] Takuo Watanabe(他2名): "Towards a Specification Scheme for Context-Aware Security Policies for Networked Appliances"IEEE International Workshop on Software Technologies for Future Embedded Systems. 65-68 (2003)
• [Publications] 山田聖(他3名): "JMLによるアプリケーションの安全性保証:Maildirフォルダライブラリの一貫性保証"日本ソフトウェア科学会第20回大会論文集. (CD-ROM). 2B-4 (2003)
• [Publications] Noriki Amano(他1名): "LampJ : A Library of Adaptable Modular Programming for Java"IASTED International Conference on Software Engineering and Applications. 213-218 (2003)
• [Publications] Takuo Watanabe(他2名): "Specifying Context-Aware Runtime Security Policies using an Algebraic Policy Specification Language"IASTED International Conference on Software Engineering. 612-617 (2004)
• [Publications] 永藤直行(他1名): "移動コードのための機密性強制"日本ソフトウェア科学会 ディペンダブルシステムワークショップ. 121-130 (2004)
• [Publications] 一杉裕志, 田中哲, 渡部卓雄: "安全な結合可能なアスペクトを提供するためのルール"コンピュータソフトウェア. (掲載予定). (2003)
• [Publications] Takuo Watanabe, Kiyoshi Yamada, Naoyuki Nagatou: "Towards a Specification Scheme for Context-Aware Security Policies for Networded Appliances"IEEE ISORC '03 Workshop on Software Technologies for Future Embedded Systems. (掲載予定). (2003)
• [Publications] 一杉裕志, 田中哲, 渡部卓雄: "拡張ルール:安全に融合可能なアスペクトの記述ルール"日本ソフトウェア科学会・プログラミングおよびプログラミング言語ワークショップ(PPL2003). 58-73 (2003)
• [Publications] Noriki Amano, Takuo Watanabe: "A Software Model for Flexible and Safe Adaptation for Mobile Code Programs"ACM ICSE 2002 International Workshop on Principles of Software Evolution(IWPSE 2002). 57-61 (2002)
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Component-based Software Systems with Safe Dynamic Adaptability"Principles of Software Evolution 2001 (IEEE Press). (掲載予定). (2002)
• [Publications] T.Watanabe: "A Secure Dynamic Extension Mechanism for Mobile Agents"AISB '01 Symp. on Software Mobility and Adaptive Behaviour. 23-31 (2001)
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Mobile Code Programs with Safe Dynamic Adaptability"AISB '01 Symp. on Software Mobility and Adaptive Behaviour. 105-113 (2001)
• [Publications] N.Amano, T.Watanabe: "An Approach for Constructing Component-based Software Systems with Safe Dynamic Adaptability"OOPSLA 2001 Workshop on Language Mechanisms for Programming Software Components. 68-74 (2001)
• [Publications] Takuo Watanabe: "Towards a Modular Substrate for Reliable Mobile Agent Systems"Proceedings of ACM/IFIP Middleware 2000 Workshop on Reflective Middleware (RM 2000). 21-22 (2000)
• [Publications] Takuo Watanabe: "A Reflective Framework for Reliable Mobile Agent Systems"Proceedings of ECOOP2000 Workshop on Reflection and Metalevel Architectures (RMA 2000)(オンライン論文集). (2000)
• [Publications] Noriki Amano: "An Approach for Constructing Component-based Software Systems with Dynamic Adaptability using LEAD++"Proceedings of International Symposium on Principles of Software Evolution. 118-127 (2000)
• [Publications] Takuo Watanabe: "A Secure Dynamic Extension Mechanism for Mobile Agents"Proceedings AISB'01 Symposium on Software Mobility and Adaptive Behaviour. (発表予定). (2001)
• [Publications] Noriki Amano: "Towards Constructing Mobile Code Programs with Safe Dynamic Adaptability"Proceedings AISB'01 Symposium on Software Mobility and Adaptive Behaviour. (発表予定). (2001)