swMATH ID: 35849
Software Authors: Adrian Mettler, David Wagner, Tyler Close
Description: Joe-E: A Security-Oriented Subset of Java. We present Joe-E, a language designed to support the development of secure software systems. Joe-E is a subset of Java that makes it easier to architect and implement programs with strong security properties that can be checked during a security review. It enables programmers to apply the principle of least privilege to their programs; implement application-specific reference monitors that cannot be bypassed; introduce and use domain-specific security abstractions; safely execute and interact with untrusted code; and build secure, extensible systems. Joe-E demonstrates how it is possible to achieve the strong security properties of an object-capability language while retaining the features and feel of a mainstream object-oriented language. Additionally, we present ways in which Java’s static type safety complements object-capability analysis and permits additional security properties to be verified statically, compared with previous object-capability languages which rely on runtime checks. In this paper, we describe the design and implementation of Joe-E and its advantages for security and auditability over standard Java. We demonstrate how Joe-E can be used to develop systems with novel security properties that would be difficult or impossible to ensure otherwise, including a web application platform that provides transparent, transactional object persistence and can safely host multiple mutually-distrustful applications in a single JVM.
Homepage: https://www.ndss-symposium.org/wp-content/uploads/2017/09/met.pdf
Dependencies: Java
Related Software: Retire.js; ConflictJS; Synode; Node.js; npm; BreakApp; Codejail; ESLint; Caja; Pivot; Pyronia; EnclaveDom; Sandcrust; Privman; Closure Library; NodeSentry; Deno; Privtrans; Salus; JSand
Cited in: 0 Publications