Access rights analysis for Java

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Access rights analysis for Java

Full text

Pdf (361 KB)

Source

Conference on Object Oriented Programming Systems Languages and Applications archive
Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications table of contents

Seattle, Washington, USA

SESSION: Tools table of contents

Pages: 359 - 372

Year of Publication: 2002

ISBN:1-58113-471-1

Also published in ...

Authors

Larry Koved	IBM T.J. Watson Research Center, Yorktown Heights, New York
Marco Pistoia	IBM T.J. Watson Research Center, Yorktown Heights, New York
Aaron Kershenbaum	IBM T.J. Watson Research Center, Yorktown Heights, New York

Sponsors

ACM: Association for Computing Machinery
SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 4, Downloads (12 Months): 49, Citation Count: 22

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/582419.582452 What is a DOI?

ABSTRACT

Java 2 has a security architecture that protects systems from unauthorized access by mobile or statically configured code. The problem is in manually determining the set of security access rights required to execute a library or application. The commonly used strategy is to execute the code, note authorization failures, allocate additional access rights, and test again. This process iterates until the code successfully runs for the test cases in hand. Test cases usually do not cover all paths through the code, so failures can occur in deployed systems. Conversely, a broad set of access rights is allocated to the code to prevent authorization failures from occurring. However, this often leads to a violation of the "Principle of Least Privilege"This paper presents a technique for computing the access rights requirements by using a context sensitive, flow sensitive, interprocedural data flow analysis. By using this analysis, we compute at each program point the set of access rights required by the code. We model features such as multi-threading, implicitly defined security policies, the semantics of the Permission.implies method and generation of a security policy description. We implemented the algorithms and present the results of our analysis on a set of programs. While the analysis techniques described in this paper are in the context of Java code, the basic techniques are applicable to access rights analysis issues in non-Java-based systems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Ole Agesen, The Cartesian Product Algorithm: Simple and Precise Type Inference Of Parametric Polymorphism, Proceedings of the 9th European Conference on Object-Oriented Programming, p.2-26, August 07-11, 1995
	2	David F. Bacon , Peter F. Sweeney, Fast static analysis of C++ virtual function calls, Proceedings of the 11th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.324-341, October 06-10, 1996, San Jose, California, United States
	3	David Francis Bacon , Susan L. Graham, Fast and effective optimization of statically typed object-oriented languages, 1997
	4	A. Banerjee and D. A. Naumann. A Simple Semantics and Static Analysis for Java Security. Stevens Institute of Technology, CS Report 2001-1, July 2001.
	5	M. Bartoletti, P. Degano, and G. Ferrari. Static Analysis for Stack Inspection. Proceedings of ConCoord, Lipari, Italy, 6--8 July 2001, ENTCS 54, Elsevier Science B. V., 2001.
	6	David Grove , Greg DeFouw , Jeffrey Dean , Craig Chambers, Call graph construction in object-oriented languages, Proceedings of the 12th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.108-124, October 05-09, 1997, Atlanta, Georgia, United States
	7	Jeffrey Dean , David Grove , Craig Chambers, Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis, Proceedings of the 9th European Conference on Object-Oriented Programming, p.77-101, August 07-11, 1995
	8	D. Dean , Felten , Wallach, Java Security: From HotJava to Netscape and Beyond, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.190, May 06-08, 1996
	9	Drew Dean, The security of static typing with dynamic linking, Proceedings of the 4th ACM conference on Computer and communications security, p.18-27, April 01-04, 1997, Zurich, Switzerland [doi>10.1145/266420.266428]
	10	Drew Dean , Edward W. Felten , Dan S. Wallach , Dirk Balfanz, Java security: Web browsers and beyond, Internet besieged: countering cyberspace scofflaws, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1997
	11	Richard Drews Dean , Andrew Appel, Formal aspects of mobile code security, 1999
	12	Ulfar Erlingsson , Fred B. Schneider, IRM Enforcement of Java Stack Inspection, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.246, May 14-17, 2000
	13	L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2. Proceedings of the USENIX Symposium on Internet Technologies and Systems, 103--112, Monterey, CA., December 1997.
	14	L. Gong and R. Schemers. Implementing Protection Domains in the Java Development Kit 1.2.
	15	Li Gong, Inside Java 2 platform security architecture, API design, and implementation, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
	16	David Grove , Craig Chambers, A framework for call graph construction algorithms, ACM Transactions on Programming Languages and Systems (TOPLAS), v.23 n.6, p.685-746, November 2001 [doi>10.1145/506315.506316]
	17	T. Jensen D. Le Matayer and T. Thorn. Verification of control flow based security properties. IRISA, Publication interne no. 1210, October 1998.
	18	Gary A. Kildall, A unified approach to global program optimization, Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.194-206, October 01-03, 1973, Boston, Massachusetts [doi>10.1145/512927.512945]
	19	G. McGraw and E.W. Felten. Securing Java. John Wiley & Sons, Inc., New York. 1999.
	20	Greg Morrisett , David Walker , Karl Crary , Neal Glew, From system F to typed assembly language, ACM Transactions on Programming Languages and Systems (TOPLAS), v.21 n.3, p.527-568, May 1999 [doi>10.1145/319301.319345]
	21	Steven S. Muchnick, Advanced compiler design and implementation, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1998
	22	Rickard Oberg, Mastering RMI: Developing Enterprise Applications in Java and EJB, John Wiley & Sons, Inc., New York, NY, 2001
	23	Marco Pistoia , Deepak Gupta , Duane F. Reller , Milind Nagnur , Ashok K. Ramani, Java 2 Network Security, Prentice Hall PTR, Upper Saddle River, NJ, 1999
	24	John Plevyak , Andrew A. Chien, Precise concrete type inference for object-oriented languages, Proceedings of the ninth annual conference on Object-oriented programming systems, language, and applications, p.324-340, October 23-28, 1994, Portland, Oregon, United States
	25	François Pottier , Christian Skalka , Scott F. Smith, A Systematic Approach to Static Access Control, Proceedings of the 10th European Symposium on Programming Languages and Systems, p.30-45, April 02-06, 2001
	26	Saltzer J.H. and M.D.Schroeder. The Protection of Information in Computer Systems. Proceedings of the IEEE 63 9 (Sept.1975), 1278--1308.
	27	O. Shivers, Control flow analysis in scheme, Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation, p.164-174, June 20-24, 1988, Atlanta, Georgia, United States
	28	Vijay Sundaresan , Laurie Hendren , Chrislain Razafimahefa , Raja Vallée-Rai , Patrick Lam , Etienne Gagnon , Charles Godin, Practical virtual method call resolution for Java, Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.264-280, October 2000, Minneapolis, Minnesota, United States
	29	Frank Tip , Jens Palsberg, Scalable propagation-based call graph construction algorithms, Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.281-293, October 2000, Minneapolis, Minnesota, United States
	30	Dan S. Wallach , Dirk Balfanz , Drew Dean , Edward W. Felten, Extensible security architectures for Java, Proceedings of the sixteenth ACM symposium on Operating systems principles, p.116-128, October 05-08, 1997, Saint Malo, France
	31	D.S. Wallach and E.W. Felten. Understanding Java Stack Inspection. Proceedings of the 1998 IEEE Symposium on Security and Privacy (Oakland, California), May 1998.
	32	Dan Seth Wallach , Edward Felten, A new approach to mobile code security, 1999

CITED BY 22

	Hao Chen , David Wagner, MOPS: an infrastructure for examining security properties of software, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
	Antony Edwards , Trent Jaeger , Xiaolan Zhang, Runtime verification of authorization hook placement for the linux security modules framework, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
	Gleb Naumovich , Paolina Centonze, Static analysis of role-based access control in J2EE applications, ACM SIGSOFT Software Engineering Notes, v.29 n.5, September 2004
	Trent Jaeger , Antony Edwards , Xiaolan Zhang, Consistency analysis of authorization hook placement in the Linux security modules framework, ACM Transactions on Information and System Security (TISSEC), v.7 n.2, p.175-205, May 2004
	Hao Chen , Jonathan S. Shapiro, Using build-integrated static checking to preserve correctness invariants, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Darrell Reimer , Edith Schonberg , Kavitha Srinivas , Harini Srinivasan , Julian Dolby , Aaron Kershenbaum , Larry Koved, Validating structural properties of nested objects, Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, October 24-28, 2004, Vancouver, BC, CANADA
	Darrell Reimer , Edith Schonberg , Kavitha Srinivas , Harini Srinivasan , Bowen Alpern , Robert D. Johnson , Aaron Kershenbaum , Larry Koved, SABER: smart analysis based error reduction, ACM SIGSOFT Software Engineering Notes, v.29 n.4, July 2004
	Tomoyuki Higuchi , Atsushi Ohori, A static type system for JVM access control, ACM SIGPLAN Notices, v.38 n.9, p.227-237, September 2003
	Zhendong Su , Gary Wassermann, The essence of command injection attacks in web applications, ACM SIGPLAN Notices, v.41 n.1, p.372-382, January 2006
	François Pottier , Christian Skalka , Scott Smith, A systematic approach to static access control, ACM Transactions on Programming Languages and Systems (TOPLAS), v.27 n.2, p.344-382, March 2005
	Vinod Ganapathy , Trent Jaeger , Somesh Jha, Automatic placement of authorization hooks in the linux security modules framework, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Xiaolan Zhang , Larry Koved , Marco Pistoia , Sam Weber , Trent Jaeger , Guillaume Marceau , Liangzhao Zeng, The case for analysis preserving language transformation, Proceedings of the 2006 international symposium on Software testing and analysis, July 17-20, 2006, Portland, Maine, USA
	Paolina Centonze , Gleb Naumovich , Stephen J. Fink , Marco Pistoia, Role-Based access control consistency validation, Proceedings of the 2006 international symposium on Software testing and analysis, July 17-20, 2006, Portland, Maine, USA
	Byeong-Mo Chang, Static check analysis for Java stack inspection, ACM SIGPLAN Notices, v.41 n.3, March 2006
	Carla Marceau , Rob Joyce, Empirical privilege profiling, Proceedings of the 2005 workshop on New security paradigms, September 20-23, 2005, Lake Arrowhead, California
	Tomoyuki Higuchi , Atsushi Ohori, A static type system for JVM access control, ACM Transactions on Programming Languages and Systems (TOPLAS), v.29 n.1, p.4-es, January 2007
	Xiaolan Zhang , Antony Edwards , Trent Jaeger, Using CQUAL for Static Analysis of Authorization Hook Placement, Proceedings of the 11th USENIX Security Symposium, p.33-48, August 05-09, 2002
	Frédéric Besson , Thomas De Grenier DeLatour , Thomas Jensen, Interfaces for stack inspection, Journal of Functional Programming, v.15 n.2, p.179-217, March 2005
	A. Prasad Sistla , V. N. Venkatakrishnan , Michelle Zhou , Hilary Branske, CMV: automatic verification of complete mediation for java virtual machines, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
	Marco Pistoia , Úlfar Erlingsson, Programming languages and program analysis for security: a three-year retrospective, ACM SIGPLAN Notices, v.43 n.12, December 2008
	Dries Vanoverberghe , Frank Piessens, Security enforcement aware software development, Information and Software Technology, v.51 n.7, p.1172-1185, July, 2009
	Emmanuel Geay , Marco Pistoia , Takaaki Tateishi , Barbara G. Ryder , Julian Dolby, Modular string-sensitive permission analysis with demand-driven precision, Proceedings of the 2009 IEEE 31st International Conference on Software Engineering, p.177-187, May 16-24, 2009