Secure Construction Methods for Extensible and Adaptable Software

2003 Fiscal Year Final Research Report Summary

• Project/Area Number: 12133207
• Research Category: Grant-in-Aid for Scientific Research on Priority Areas
• Allocation Type: Single-year Grants
• Review Section: Science and Engineering
• Research Institution: National Institute of Informatics (2002-2003); Tokyo Institute of Technology (2000-2001)
• Principal Investigator: WATANABE Takuo National Institute Informatics, Software Research Division, Associate Professor, ソフトウェア研究系, 助教授 (20222408)
• Co-Investigator(Kenkyū-buntansha): ISCHISUGI Yuuji National Institute of Advanced Inductrial Science and Technology, Technology Research Institute, Head Researcher, 情報処理研究部門, 主任研究員 (30356464) ; GONDOW Katsuhiko Japan Advanced Institute of Science and Technology, School of Information Science, Associate Professor, 情報科学研究科, 助教授 (50262283) ; AMANO Noriki Japan Advanced Institute of Science and Technology, School of Information Science, Research Associate, 情報科学研究科, 助手 (30313703) ; TANAKA Akira National Institute of Advanced Inductrial Science and Technology, Information Technology Research Institute, Researcher, 情報処理研究部門, 研究員 (10357452) ; SUZUKI Masato National Institute of Informatics, Foundations of Informatics Research Division, Associate Professor, 情報学基礎研究系, 助教授 (30242572)
• Project Period (FY): 2000 – 2003
• Keywords: policy enforcement / runtime checking / mobile code / dynamic adaptation / software composition / byte-code modification / object-oriented language / metalevel architecuture

Research Abstract

We have investigated novel methods for constructing safe and secure software that exhibit extensibility and adaptability. Our research results are divided in the following three categories corresponding to three typical security/safety flaws of extensible/adaptable software. (1)We developed an efficient secure execution method for untrusted programs that is based on code modification and runtime policy examination. (2)We augmented our former works on the dynamically adaptable objects and built a class library that provides safe dynamic adaptation. (3)We also investigated secure composition methods for independently developed software modules and gained some successful results. Some of our research results and related outcomes are actually applied to the collaborative construction of AnZenMail.

Research Products

• [Publications] N.Amano, T.Watanabe: "An Approach for Constructing Component-based Software Systems with Dynamic Adaptability using LEAD++"Intl.Symp.on Principles of Software Evolution. 118-127 (2000)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] T.Watanabe, N.Amano: "A Secure Dynamic Extension Mechanism for Mobile Agents"AISB '01 Symp.on Software Mobility and Adaptive Behavior. 28-31 (2001)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Mobile Code Programs with Safe Dynamic Adaptability"AISB '01 Symp.on Software Mobility and Adaptive Behavior. 105-113 (2001)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Component-based Software Systems with Safe Dynamic Adaptability"Intl.Workshop on Principles of Software Evolution. 176-180 (2001)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "A Software Model for Flexible and Safe Adaptation for Mobile Code Programs"Intl.Workshop on Principles of Software Evolution. 57-61 (2002)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] E.Shibayama, S.Hagihara, N.Kobayashi, S.Nishizaki, K.Taura, T.Watanabe: "AnZenMail : A Secure and Certified E-mail System"Lecture Note in Computer Science (Software Security : Theories and Systems). 2609. 201-216 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] 一杉裕志, 田中哲, 渡部卓雄: "拡張ルール:安全に結合可能なアスペクトの記述ルール"日本ソフトウェア科学会プログラミングおよびプログラミング言語ワークショップ. 58-73 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] 一杉裕志, 田中哲, 渡部卓雄: "安全に結合可能なmixinを提供するためのルール"コンピュータソフトウェア. 20(3). 80-87 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Towards a Specification Scheme for Context-Aware Security Policies for Networked Appliances"IEEE Workshop on Software Technologies for Future Embedded Systems. 65-68 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "LampJ : A Library of Adaptable Modular Programming for Java"LASTED Intl.Conf.on Software Engineering and Applications. 213-218 (2003)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Specifying Context-Aware Runtime Security Policies using an Algebraic Policy Specification Language"IASTED Intl.Conf.on Software Engineering. 612-617 (2004)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] 永藤直行, 渡部卓雄: "移動コードのための機密性強制"日本ソフトウェア科学会ディペンダブルシステムワークショップ. 121-130 (2004)
  • Description: 「研究成果報告書概要(和文)」より
• [Publications] N.Amano, T.Watanabe: "An Approach for Contructing Component-based Software Systems with Dynamic Adaptability using LEAD++"Intl. Symp. on Principles of Software Evolution. 118-127 (2000)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] T.Watanabe, N.Amano: "A Secure Dynamic Extension Mechanism for Mobile Agents"AISB '01 Symp. on Software Mobility and Adaptive Behavior. 28-31 (2001)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Mobile Code Programs with Safe Dynamic Adaptability"AISB '01 Symp. on Software Mobility and Adaptive Behavior. 105-113 (2001)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "Towards Constructing Component-based Software Systems with Safe Dynamic Adaptability"Intl. Workshop on Principles of Software Evolution. 176-180 (2001)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "A Software Model for Flexible and Safe Adaptation for Mobile Code Programs"Intl. Workshop on Principles of Software Evolution. 57-61 (2002)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] E.Shibayama, S.Hagihara, N.Kobayashi, S.Nishizaki, K.Taura, T.Watanabe: "AnZenMail : A Secure and Certified E-mail System"Software Security : Theories and Systems. Vol.2609. 201-216 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] Y.Ichisugi, A.Tanaka, T.Watanabe: "Extension Rules : Description Rules for Safely Composable Aspects (in Japanese)"JSSST Workshop on Programming and Programming Languages. 58-73 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] Y.Ichisugi, A.Tanaka, T.Watanabe: "Rules for Providing Safely Composable Mixins (in Japanese)"Computer Software. Vol.20 No.3. 80-87 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Towareds a Specification Scheme for Context-Aware Security Policies for Networked Appliances"IEEE Workshop on Software Technologies for Future Embedded Systems. 65-68 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Amano, T.Watanabe: "LampJ : A Library of Adaptable Modular Programming for Java"IASTED Intl. Conf. on Software Engineering and Applications. 213-218 (2003)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] T.Watanabe, K.Yamada, N.Nagatou: "Specifying Context-A ware Runtime Security Policies using an Algebraic Policy Specification Language"IASTED Intl. Conf. on Software Engineering. 612-617 (2004)
  • Description: 「研究成果報告書概要(欧文)」より
• [Publications] N.Nagatou, T.Watanabe: "On Secrecy Enforcement for Mobile Code (in Japanese)"JSSST Workshop on Dependable Systems. 121-130 (2004)
  • Description: 「研究成果報告書概要(欧文)」より