A Framework for Analysis of Java-Based XACML Engines

ABSTRACT A lot of applications enhance their security via access-control systems. XACML (exten­ sible Access Control Markup Language) is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests, and responses are encoded in XACML. An XACML implementation provides func­ tionalities to evaluate XACML requests against XACML policies. There are many XACML libraries implemented in the Java programming language which are supposed to provide a set of Java classes that understand the XACML language, as well as the rules about how to process requests and how to manage attributes and other related data. This thesis focuses on the performance analysis of such libraries. We first implement a framework for analysis of Java-based XACML engines. This is accomplished by creating the hierarchy of Java classes representing the main functionality of XACML engines. We then conduct experiments by means of our framework investigating performance features of such XACML engines as Sun XACML, XEngine, and Enterprise Java XACML. The proposed approach differs from previous work in the engines chosen as well as the variety of experiments conducted and their parameters

The SystemJ approach to system-level design

In this paper, we propose a new system-level design language, called SystemJ. It extends Java with synchronous reactive features present in Esterel and asynchronous constructs suitable for modelling globally asynchronous locally synchronous systems. The strength of SystemJ comes from its ability to offer the data processing and encapsulation elegance of Java, Esterel-like reactivity and synchrony, and the asynchronous de-coupling of CSP all within the Java framework. Using standard Java environments, for specification and modelling, or specialised reactive embedded processors, for high performance implementation, the SystemJ design flow is extremely versatile. With the increasing attention that Java gets in embedded systems, SystemJ comes to address data and control, software and hardware, modelling and implementation in a unified manner

Spoon: Program Analysis and Transformation in Java

In this research report, we present Spoon, a framework for program transformation and static analysis in Java. More precisely, Spoon is an open and extensible Java compiler, written in pure Java by using Compile-time reflection techniques. We take advantage of the new features added by Java 5, and particularly of annotations and generics. Using annotations within the Spoon framework allows the programmer to extend the Java language without defining new syntactic elements, and in such a way that it is naturally supported by IDEs for Java 5 and greater. Generics, as a priceless complement, allow for the well-typing of Spoon programs that implement the programmers' language extensions. Enforcing typing naturally provides better IDE support (such as static checks, completion, documentation, and navigation), and also allows us to define a pure Java template mechanism, which we use as a tool to define well-typed and straightforward program transformations. In addition to its basic transformation capabilities, Spoon comes with a partial evaluation engine that is used to calculate the control flow of the program and to simplify the results of template-based transformations for correctness, optimization, and readability. In order to demonstrate the usability and usefulness of our framework, we present three applications, which have been chosen to cover most of Spoon's features: a translator from Java 1.4 programs into well-typed Java 5 programs, an efficient template-based AOP extension, and an automatic implementation and validation of the visitor pattern

Formally sound implementations of security protocols with JavaSPI

Designing and coding security protocols is an error prone task. Several flaws are found in protocol implementations and specifications every year. Formal methods can alleviate this problem by backing implementations with rigorous proofs about their behavior. However, formally-based development typically requires domain specific knowledge available only to few experts and the development of abstract formal models that are far from real implementations. This paper presents a Java-based protocol design and implementation framework, where the user can write a security protocol symbolic model in Java, using a well defined subset of the language that corresponds to applied π-calculus. This Java model can be symbolically executed in the Java debugger, formally verified with ProVerif, and further refined to an interoperable Java implementation of the protocol. Soundness theorems are provided to prove that, under some reasonable assumptions, a simulation relation relates the Java refined implementation to the symbolic model verified by ProVerif, so that, for the usual security properties, a property verified by ProVerif on the symbolic model is preserved in the Java refined implementation. The applicability of the framework is evaluated by developing an extensive case study on the popular SSL protocol

Dependent Types for Class-based Mutable Objects (Artifact)

This artifact is based on DOL, a Dependent Object-oriented Language featuring dependent types, mutable objects and class-based inheritance with subtyping. The typechecker written in Xtend, a flexible and expressive dialect of Java, is a direct implementation of the algorithmic type system described in the companion paper. It uses a direct interface to Z3 theorem prover via its API for Java. The artifact ships with an IDE developed as an Eclipse plugin based on the Xtext framework

Distributed Object Medical Imaging Model

Abstract- Digital medical informatics and images are commonly used in hospitals today,. Because of the interrelatedness of the radiology department and other departments, especially the intensive care unit and emergency department, the transmission and sharing of medical images has become a critical issue. Our research group has developed a Java-based Distributed Object Medical Imaging Model(DOMIM) to facilitate the rapid development and deployment of medical imaging applications in a distributed environment that can be shared and used by related departments and mobile physiciansDOMIM is a unique suite of multimedia telemedicine applications developed for the use by medical related organizations. The applications support realtime patients’ data, image files, audio and video diagnosis annotation exchanges. The DOMIM enables joint collaboration between radiologists and physicians while they are at distant geographical locations. The DOMIM environment consists of heterogeneous, autonomous, and legacy resources. The Common Object Request Broker Architecture (CORBA), Java Database Connectivity (JDBC), and Java language provide the capability to combine the DOMIM resources into an integrated, interoperable, and scalable system. The underneath technology, including IDL ORB, Event Service, IIOP JDBC/ODBC, legacy system wrapping and Java implementation are explored. This paper explores a distributed collaborative CORBA/JDBC based framework that will enhance medical information management requirements and development. It encompasses a new paradigm for the delivery of health services that requires process reengineering, cultural changes, as well as organizational changes

Kawa|compiling dynamic languages to the Java VM

Many are interested in Java for its portable bytecodes and extensive libraries, but prefer a different language, especially for scripting. People have implemented other languages using an interpreter (which is slow), or by translating into Java source (with poor responsiveness for eval). Kawa uses an interpreter only for “simple” expressions; all non-trivial expressions (such as function definitions) are compiled into Java bytecodes, which are emitted into an in-memory byte array. This can be saved for later, or quickly loaded using the Java ClassLoader. Kawa is intended to be a framework that supports multiple source languages. Currently, it only supports Scheme, which is a lexically-scoped language in the Lisp family. The Kawa dialect of Scheme implements almost all of the current Scheme standard (R5RS), with a number of extensions, and is written in a efficient objectoriented style. It includes the full “numeric tower”, with complex numbers, exact infinite-precision rational arithmetic, and units. A number of extensions provide access to Java primitives, and some Java methods provide convenient access to Scheme. Since all Java objects are Scheme values and vice versa, this makes for a very powerful hybrid Java/Scheme environment. An implementation of ECMAScript (the standardized “core ” of JavaScript) is under construction. Other languages, including Emacs Lisp, are also being considered

Fungible and non-fungible tokens with snapshots in Java

Many blockchain applications exchange tokens, such as bitcoin and ether, or implement them through smart contracts. A trend in blockchain is to apply standards for token interoperability, unchanged, from platform to platform, easing the design challenges with trusted and widely-used specifications. However, the exploitation of the target language semantics can result in technological advantages and more efficient contracts. This paper presents a re-engineering of OpenZeppelin’s implementation of the ERC-20 and ERC-721 standards in Takamaka, a Java framework for programming smart contracts. It describes a sound solution to the issue about the types allowed for the token holders and a novel implementation for making snapshots of tokens, based on tree maps, that is possible in Java, but not in Solidity, more efficient than the literal translation in Java from Solidity, within the Java virtual machine. Moreover, it applies to ERC-721 as well, where a snapshot mechanism was previously missing. The same snapshot mechanism can also be applied beyond the smart contracts for tokens

Test Case Generation for Object-Oriented Imperative Languages in CLP

Testing is a vital part of the software development process. Test Case Generation (TCG) is the process of automatically generating a collection of test cases which are applied to a system under test. White-box TCG is usually performed by means of symbolic execution, i.e., instead of executing the program on normal values (e.g., numbers), the program is executed on symbolic values representing arbitrary values. When dealing with an object-oriented (OO) imperative language, symbolic execution becomes challenging as, among other things, it must be able to backtrack, complex heap-allocated data structures should be created during the TCG process and features like inheritance, virtual invocations and exceptions have to be taken into account. Due to its inherent symbolic execution mechanism, we pursue in this paper that Constraint Logic Programming (CLP) has a promising unexploited application field in TCG. We will support our claim by developing a fully CLP-based framework to TCG of an OO imperative language, and by assessing it on a corresponding implementation on a set of challenging Java programs. A unique characteristic of our approach is that it handles all language features using only CLP and without the need of developing specific constraint operators (e.g., to model the heap)