Takuo Watanabe

AnZenMail: a secure and certified e-mail system

We are developing a secure and certified e-mail system AnZenMail that provides an experimental testbed for our cutting-edge security enhancement technologies. In addition to a provably secure message transfer protocol, we have designed and implemented a server (MTU) and a client (MUA) in order that they could survive recent malicious attacks such as server-cracking and e-mail viruses. The AnZenMail server is implemented in Java, a memory-safe language, and so it is free from stack smashing. Some of its safety properties have been formally verified in Coq mostly at the source code level by manually translating Java methods into Coq functions. The AnZenMail client is designed to provide a support for secure execution of mobile code arriving as email attachments. It has plug-in interfaces for code inspection and execution modules such as static analysis tools, runtime/inline reference monitors, and an anti-virus engine, which are currently being developed by members of our research project.

LEAD++: an object-oriented language based on a reflective model for dynamic software adaptation

A software system has dynamic adaptability if it can adapt itself to dynamically changing runtime environments. As open-ended distributed systems and mobile computing systems have spread widely, the need for software systems with dynamic adaptability increases. We propose a software model with dynamic adaptability called DAS and its description language LEAD++. In the DAS model, the basic mechanism for dynamic adaptability is based on adaptable procedures. An adaptable procedure is a variant of generic procedure (function) whose methods are selected depending on the state of its runtime environment. Furthermore, control mechanisms of adaptable procedures-including method selection strategies-are realized using adaptable procedures. Such reflective architecture enables us to write a dynamically adaptable software system in highly flexible and extensible way. LEAD++ is an object-oriented reflective language that provides adaptable procedures and their control mechanisms. We are currently implementing a prototype of LEAD++ as a pre-processor of Java. Using LEAD++, we can systematically describe dynamically adaptable mobile objects, etc.

LEAD: a linguistic approach to dynamic adaptability for practical applications

A system has dynamic adaptability if it adapts itself to a changing runtime environment. As open-ended distributed systems and mobile computing systems have spread widely, the need for software with dynamic adaptability increases. We designed and implemented a language LEAD that provides an architecture for dynamic adaptability. The basic idea is to introduce a mechanism that affects procedure invocation dynamically according to the runtime environment. Using LEAD, we can easily achieve 1) construction of highly extensible dynamically adaptable applications, and 2) addition of dynamic adaptability into existing applications.

An approach for constructing component-based software systems with dynamic adaptability using LEAD++

A software system has dynamic adaptability if it can adapt itself to dynamically changing runtime environments. This means that such a software system can change its own behavior depending on states of runtime environments in flexible way. We have proposed a software model with dynamic adoptability named DAS and its description language LEAD++. The DAS model is a reflective software model, and LEAD++ is an object-oriented reflective language based on Java. In this work, we apply our model to component-based software systems, and introduce dynamic adaptability into them by using LEAD++. The basic approaches are to change dynamically: the structure of component composition; and the inside behavior of each component, depending on the states of runtime environments.

Reflection for Dynamic Adaptibility: A Linguistic Approach Using LEAD++

Nowadays open-ended distributed systems and mobile computing systems have come into wide use. In such systems, we cannot obtain accurate information of dynamically changing runtime environments beforehand. The changes of runtime environments have given a strong in uence on the execution of programs, which we cannot ignore. Thus, the software systems that can adapt themselves to dynamically changing runtime environments are required. We call such software systems dynamically adaptable software systems. In this work, we propose a software model called DAS [1] and its description languages LEAD++ for dynamically adaptable software systems. The DAS model has the mechanism to adapt software systems to dynamically changing runtime environments. We had designed & implemented the language LEAD 1 [2] based on the DAS model. We are currently working on object-oriented reective language LEAD++. Its prototype is a pre-processor of Java. By using them, we can systematically describe dynamically adaptable software systems. To realize dynamically adaptable software systems, it is an e ective way to change the behaviors of each software system depending on the states of runtime environments. However, it is not practical to develop several versions of the same software system depending on each runtime environment and/or its states. Moreover, such behaviors of each software system depending on the states are related with any other parts of it. Thus, it is diAEcult to control such behaviors of each software system from its outside. From such reasons, each software system should have the ability that can adapt itself to dynamically changing runtime environments. We call such ability of software systems dynamic adaptability. The dynamically adaptable software systems (namely, software systems with dynamic adaptability) not only adapt themselves to dynamically changing runtime environments, but also change their own functionalities exibly to make full use of the properties in the runtime environments. However, there is a limitation on runtime environments and their states that software engineers can anticipate beforehand. Thus, there is also a limitation on the dynamic adaptability that the software engineers can give to software systems beforehand. From the reason, the mechanism of dynamic adaptability must be extensible. Namely, the mechanism must be able to change depending on various runtime environments and their states afterward.

Algebraic Specification of Distributed Systems based on Concurrent Object-Oriented Modeling

We propose a new executable algebraic specification method for object-oriented concurrent and distributed systems. We formalize a concurrent object-oriented model that can explicitly handle communication networks. In this model, a system is described as a collection of primitive objects and network objects. We use the algebraic specification language CafeOBJ[Futatsugi and Sawada 1995] [Sawada and Futatsugi 1995] for describing specifications. Since specifications using our method can be executed, the CafeOBJ processor aids semi-automatic verifications. We illustrate some actual verifications via an example.

Towards a specification scheme for context-aware security policies for networked appliances

This paper describes a secure execution scheme for mobile programs running in networked appliances. The potential threat we are considering is the malicious behaviour of the mobile programs. Our security architecture, called Taurus-1, adopts monitored execution as a basic mechanism for enforcing security policies at runtime. To describe a policy for this architecture, we designed an algebraic policy description language Polaris, in which we can specify a policy as a process consisting of abstract events in a monitored program. The program is modified beforehand for effective detection of its malicious behaviour We discuss how Taurus-1 can provide a security enhancement mechanism for context-aware systems such as networked appliances, and discuss how to specify security policies for them.

An Example for Concurrent Reflective Computations in Rewriting Logic

Rewriting logic can represent dynamic behaviours of concurrent and/or reactive systems declaratively. Declarative descriptions in rewriting logic are expected to be amenable to analysis of interesting properties. The group-wide architecture based on the actor model is a specific concurrent reflective computation model based on “group-wide reflection”. It has a potential of modelling cooperative behaviours of several software modules or agents. This paper provides some basic considerations on methods of modelling the group-wide architecture in rewriting logic and a brief proof that the metalevel group of terms correctly represents the operational semantics of the group in terms of transitions of configurations.