Access rights analysis for Java

Koved, Larry; Pistoia, Marco; Kershenbaum, Aaron

doi:10.1145/582450.582452

Cited by 24 publications

(43 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ACE performs minimization automatically by instantiating all the Permission objects detected, and by then executing the implies method of each Permission object against all the other Permission objects. If p and q are Permission objects required by p, and p.implies(q) returns true, then only p needs to be added to the policy for p. Unlike previous, unsafe policy-minimization approaches [20], ACE prevents potentially-malicious code embedded into implies methods from harming the system by executing implies only under the system SecurityManager.…”

Section: Dynamic Policy Minimizationmentioning

confidence: 99%

“…As such, they were considerably easier to attack than UNIX setuid programs because they lacked the usual separate process/separate address space protections, as shown by Koegel, et al [19]. Koved, et al [20] and Pistoia, et al [26] automate static security analysis for Java authorization and privilege assertion. Zhang, et al [37] enhance those works with an automated native-code model generator to reduce the number of false negatives.…”

Section: Related Workmentioning

confidence: 99%

“…In essence, neither dynamic analysis nor static analysis can independently guarantee the identification of a policy sufficient to execute a program and yet not too permissive. This paper presents a novel combination of static and dynamic analysis extending previous work that was completely based on static analysis [20,26,37]. The contribution of this paper is to achieve precise identification of authorization and privilege-assertion requirements in SBAC systems.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies

Centonze

Flynn

Pistoia

2007

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

Self Cite

View full text Add to dashboard Cite

show abstract

Section: Dynamic Policy Minimizationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies

Centonze

Flynn

Pistoia

2007

Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Koved et al [11] presents a technique for computing the access rights requirements by using a context sensitive, flow sensitive, interprocedural data flow analysis. This analysis computes at each program point the set of access rights required by the code.…”

Section: Related Workmentioning

confidence: 99%

“…Most static analyses approximate stack inspection in terms of permissions [4,5,1,2,11]. Our proposed analysis is unique in that it compute success or fail information in terms of permission checks.…”

Section: Related Workmentioning

confidence: 99%

Visualization of Permission Checks in Java Using Static Analysis

Kim

Chang

Information Security Applications

View full text Add to dashboard Cite

Abstract. The security manager in Java 2 is a runtime access control mechanism. Whenever an access permission to critical resources is requested, the security manager inspects a call stack to examine whether the program has appropriate access permissions or not. This run-time permission check called stack inspection enforces access-control policies that associate access rights with the class that initiates the access. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. It is based on the static permission check analysis which approximates permission checks statically which must succeed or fail at each method. Using the visualization system, programmers can modify programs and policy files if necessary, as they examine how permission checks and their stack inspection are performed. This process can be repeated until the security policy is enforced correctly.

show abstract

Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection

Pistoia

Flynn²,

Koved

et al. 2005

ECOOP 2005 - Object-Oriented Programming

Self Cite

View full text Add to dashboard Cite

Abstract. In Java 2 and Microsoft .NET Common Language Runtime (CLR), trusted code has often been programmed to perform accessrestricted operations not explicitly requested by its untrusted clients. Since an untrusted client will be on the call stack when access control is enforced, an access-restricted operation will not succeed unless the client is authorized. To avoid this, a portion of the trusted code can be made "privileged." When access control is enforced, privileged code causes the stack traversal to stop at the trusted code frame, and the untrusted code stack frames will not be checked for authorization. For large programs, manually understanding which portions of code should be made privileged is a difficult task. Developers must understand which authorizations will implicitly be extended to client code and make sure that the values of the variables used by the privileged code are not "tainted" by client code. This paper presents an interprocedural analysis for Java bytecode to automatically identify which portions of trusted code should be made privileged, ensure that there are no tainted variables in privileged code, and detect "unnecessary" and "redundant" privileged code. We implemented the algorithm and present the results of our analyses on a set of large programs. While the analysis techniques are in the context of Java code, the basic concepts are also applicable to non-Java systems with a similar authorization model.

show abstract

Access rights analysis for Java

Cited by 24 publications

References 13 publications

Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies

Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies

Visualization of Permission Checks in Java Using Static Analysis

Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection

Contact Info

Product

Resources

About