ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Stack inspection: Theory and variants
Full text PdfPdf (357 KB)
Source ACM Transactions on Programming Languages and Systems (TOPLAS) archive
Volume 25 ,  Issue 3  (May 2003) table of contents
Pages: 360 - 399  
Year of Publication: 2003
ISSN:0164-0925
Authors
Cédric Fournet  Microsoft Research, Cambridge, United Kingdom
Andrew D. Gordon  Microsoft Research, Cambridge, United Kingdom
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 5,   Downloads (12 Months): 92,   Citation Count: 11
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/641909.641912
What is a DOI?

ABSTRACT

Stack inspection is a security mechanism implemented in runtimes such as the JVM and the CLR to accommodate components with diverse levels of trust. Although stack inspection enables the fine-grained expression of access control policies, it has rather a complex and subtle semantics. We present a formal semantics and an equational theory to explain how stack inspection affects program behavior and code optimisations. We discuss the security properties enforced by stack inspection, and also consider variants with stronger, simpler properties.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Abadi, M. and Fournet, C. 2003. Access control based on execution history. In Proceedings of the 10th Annual Network and Distributed System Symposium (NDSS'03). Internet Society, 107--121.
2
Martín Abadi , Butler Lampson , Jean-Jacques Lévy, Analysis and caching of dependencies, Proceedings of the first ACM SIGPLAN international conference on Functional programming, p.83-91, May 24-26, 1996, Philadelphia, Pennsylvania, United States
 
3
Samson Abramsky , C.-H. Luke Ong, Full abstraction in the lazy lambda calculus, Information and Computation, v.105 n.2, p.159-267, Aug. 1993  [doi>10.1006/inco.1993.1044]
 
4
Banerjee, A. and Naumann, D. 2001. A simple semantics and static analysis for Java security. CS Report 2001--1, Stevens Institute of Technology.
5
Anindya Banerjee , David A. Naumann, Representation independence, confinement and access control [extended abstract], Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.166-177, January 16-18, 2002, Portland, Oregon
 
6
Bartoletti, M., Degano, P., and Ferrari, G. 2001. Static analysis for stack inspection. In ConCoord: International Workshop on Concurrency and Coordination. ENTCS, vol. 54. Elsevier North-Holland, Amsterdam, The Netherlands.
7
Nick Benton , Andrew Kennedy , George Russell, Compiling standard ML to Java bytecodes, Proceedings of the third ACM SIGPLAN international conference on Functional programming, p.129-140, September 26-29, 1998, Baltimore, Maryland, United States
 
8
Frédéric Besson , Thomas Jensen , Daniel Le Métayer , Tommy Thorn, Model checking security properties of control flow graphs, Journal of Computer Security, v.9 n.3, p.217-250, January 2001
 
9
Don Box , Ted Pattison, Essential .NET: The Common Language Runtime, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2002
 
10
Ulfar Erlingsson , Fred B. Schneider, IRM Enforcement of Java Stack Inspection, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.246, May 14-17, 2000
 
11
Fournet, C. and Gordon, A. D. 2001. Stack inspection: Theory and variants. Tech. Rep. MSR--TR--2001--103, Microsoft Research. http://research.microsoft.com/scripts/pubs/view.asp?TR_ID=MSR-TR-2001-103.
12
Cédric Fournet , Andrew D. Gordon, Stack inspection: theory and variants, Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.307-318, January 16-18, 2002, Portland, Oregon
 
13
Li Gong, Inside Java 2 platform security architecture, API design, and implementation, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
 
14
Andrew D. Gordon , Andrew M. Pitts, Higher order operational techniques in semantics, Cambridge University Press, New York, NY, 1999
15
Dan Grossman , Greg Morrisett , Steve Zdancewic, Syntactic type abstraction, ACM Transactions on Programming Languages and Systems (TOPLAS), v.22 n.6, p.1037-1080, Nov. 2000  [doi>10.1145/371880.371887]
16
Norman Hardy , Norm Hardy, The Confused Deputy: (or why capabilities might have been invented), ACM SIGOPS Operating Systems Review, v.22 n.4, p.36-38, Oct. 1988
 
17
Douglas J. Howe, Proving congruence of bisimulation in functional programming languages, Information and Computation, v.124 n.2, p.103-112, Feb. 1, 1996  [doi>10.1006/inco.1996.0008]
 
18
Jensen, T., Metayer, D. L., and Thorn, T. 1999. Verification of control flow based security properties. In Proceedings of the 1999 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, Calif., 89--103.
 
19
Guenter Karjoth, An Operational Semantics of Java 2 Access Control, Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW'00), p.224, July 03-05, 2000
 
20
.NET framework security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2002
 
21
François Rouaix , Xavier Leroy, Security properties of typed applets, Secure Internet programming: security issues for mobile and distributed objects, Springer-Verlag, London, 2001
 
22
Tim Lindholm , Frank Yellin, Java Virtual Machine Specification, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
 
23
Microsoft. 2001. NET Framework Developer's Guide: Security Optimizations. http://msdn.microsoft.com/library/en-us/cpguide/html/cpconsecurityoptimizations.asp.
 
24
Milner, R. 1977. Fully abstract models of typed lambda-calculi. Theoret. Comput. Sci. 4, 1--23.
 
25
Eugenio Moggi, Notions of computation and monads, Information and Computation, v.93 n.1, p.55-92, July 1991  [doi>10.1016/0890-5401(91)90052-4]
 
26
Morris, J. H. 1968. Lambda-calculus models of programming languages. Ph.D. dissertation. MIT Cambridge, Mass.
27
Andrew C. Myers, JFlow: practical mostly-static information flow control, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.228-241, January 20-22, 1999, San Antonio, Texas, United States  [doi>10.1145/292540.292561]
 
28
Ørbæek, P. and Palsberg, J. 1997. Trust in the λ-calculus. J. Funct. Prog. 3, 2, 75--85.
 
29
Plotkin, G. D. 1975. Call-by-name, call-by-value and the λ-calculus. Theoret. Comput. Sci. 1, 125--159.
 
30
François Pottier , Christian Skalka , Scott F. Smith, A Systematic Approach to Static Access Control, Proceedings of the 10th European Symposium on Programming Languages and Systems, p.30-45, April 02-06, 2001
 
31
Schinz, M. and Odersky, M. 2001. Tail call elimination on the Java Virtual Machine. In Proceedings of the SIGPLAN Workshop on Multi-Language Infrastructure and Interoperability (BABEL'01). ENTCS, vol. 59(1). Elsevier North Holland, Amsterdam, The Netherlands, 155--168.
32
Christian Skalka , Scott Smith, Static enforcement of security with types, Proceedings of the fifth ACM SIGPLAN international conference on Functional programming, p.34-45, September 2000
33
Dan S. Wallach , Andrew W. Appel , Edward W. Felten, SAFKASI: a security mechanism for language-based systems, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.341-378, Oct. 2000  [doi>10.1145/363516.363520]

CITED BY  11
Karl Krukow , Mogens Nielsen , Vladimiro Sassone, A framework for concrete reputation-systems with applications to history-based access control, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
Massimo Bartoletti , Pierpaolo Degano , Gian Luigi Ferrari, Policy framings for access control, Proceedings of the 2005 workshop on Issues in the theory of security, p.5-11, January 10-11, 2005, Long Beach, California
Mads Sig Ager , Olivier Danvy , Jan Midtgaard, A functional correspondence between monadic evaluators and abstract machines for languages with computational effects, Theoretical Computer Science, v.342 n.1, p.149-172, 6 September 2005
Byeong-Mo Chang, Static check analysis for Java stack inspection, ACM SIGPLAN Notices, v.41 n.3, March 2006
Magorzata Biernacka , Olivier Danvy, A syntactic correspondence between context-sensitive calculi and abstract machines, Theoretical Computer Science, v.375 n.1-3, p.76-108, May, 2007
Philip W. L. Fong, Reasoning about safety properties in a JVM-like environment, Science of Computer Programming, v.67 n.2-3, p.278-300, July, 2007
Karl Krukow , Mogens Nielsen , Vladimiro Sassone, A logical framework for history-based access control and reputation systems, Journal of Computer Security, v.16 n.1, p.63-101, January 2008
Daniel S. Dantas , David Walker , Geoffrey Washburn , Stephanie Weirich, AspectML: A polymorphic aspect-oriented functional programming language, ACM Transactions on Programming Languages and Systems (TOPLAS), v.30 n.3, p.1-60, May 2008
Marco Pistoia , Úlfar Erlingsson, Programming languages and program analysis for security: a three-year retrospective, ACM SIGPLAN Notices, v.43 n.12, December 2008
Arnar Birgisson , Úlfar Erlingsson, An implementation and semantics for transactional memory introspection in Haskell, Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, June 15-21, 2009, Dublin, Ireland
Massimo Bartoletti , Pierpaolo Degano , Gian-Luigi Ferrari , Roberto Zunino, Local policies for resource usage analysis, ACM Transactions on Programming Languages and Systems (TOPLAS), v.31 n.6, p.1-43, August 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.3 PROGRAMMING LANGUAGES
      D.3.1 Formal Definitions and Theory

Additional Classification:
  D. Software
  D.3 PROGRAMMING LANGUAGES
      D.3.3 Language Constructs and Features

  F. Theory of Computation
  F.3 LOGICS AND MEANINGS OF PROGRAMS
      F.3.1 Specifying and Verifying and Reasoning about Programs
      F.3.2 Semantics of Programming Languages
      F.3.3 Studies of Program Constructs

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Languages, Security, Theory


Keywords:
Access control, contextual equivalence, equational reasoning, operational semantics, stack inspection


REVIEW

"Maulik A Dave : Reviewer"

For software written with components that have different levels of trust, safe runs are a major concern. Stack inspection is one technique used to ensure these safe runs. When untrusted and trusted components call each others¿ functions, stack ins  more...

Collaborative Colleagues:
Cédric Fournet: colleagues
Andrew D. Gordon: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player