Static check analysis for Java stack inspection

Chang, Byeong-Mo

doi:10.1145/1140543.1140550

Cited by 11 publications

(12 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various articles analyze access control in Java and C , see for instance [73,76,72,77]. All these works have mainly focused on the stack inspection mechanism and the notion of granting permissions to code through privileged method calls.…”

Section: Related Workmentioning

confidence: 99%

Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Betarte

Luna

2015

CLEIej

View full text Add to dashboard Cite

In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems.The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device.Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally) that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform.The Domain Name System Security Extensions (DNSSEC) is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree.We develop all our formalizations in the Calculus of Inductive Constructions —formal language that combines a higher-order logic and a richly-typed functional programming language— using the Coq proof assistant.

show abstract

Section: Related Workmentioning

confidence: 99%

Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Betarte

Luna

2015

CLEIej

View full text Add to dashboard Cite

show abstract

“…In the theorem, we only consider actual normal call chains which don't contain a privileged call, because stack inspection cannot go further across a privileged call. See [6] for details.…”

Section: Definition 2 a Permission Check Check(p) In A Methods M May mentioning

confidence: 99%

“…It is based on the static permission check analysis proposed in [6], which approximates permission checks statically which must succeed or fail at each method. We first implement the static permission check analysis.…”

Section: Introductionmentioning

confidence: 99%

Visualization of Permission Checks in Java Using Static Analysis

Kim

Chang

Information Security Applications

Self Cite

View full text Add to dashboard Cite

Abstract. The security manager in Java 2 is a runtime access control mechanism. Whenever an access permission to critical resources is requested, the security manager inspects a call stack to examine whether the program has appropriate access permissions or not. This run-time permission check called stack inspection enforces access-control policies that associate access rights with the class that initiates the access. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. It is based on the static permission check analysis which approximates permission checks statically which must succeed or fail at each method. Using the visualization system, programmers can modify programs and policy files if necessary, as they examine how permission checks and their stack inspection are performed. This process can be repeated until the security policy is enforced correctly.

show abstract

“…Optimization can be done through two different strategies: eager [4,5] and lazy [8] computation of the program state. The eager approach avoids numerous re-computation, when the number of security checks is high.…”

Section: Static Analysis For Optimization Of Runtime Checksmentioning

confidence: 99%

“…Algorithmic example of such removal is given by [3]. The implementation of these models can be done with call graphs [8].…”

Section: Static Analysis For Optimization Of Runtime Checksmentioning

confidence: 99%

Component-Based Access Control: Secure Software Composition through Static Analysis

Parrend

Frénot

Software Composition

View full text Add to dashboard Cite

Extensible Component Platforms support the discovery, installation, starting, uninstallation of components at runtime. Since they are often targeted at mobile resource-constraint devices, they have both strong performance and security requirements. The current security model for Java systems, Permissions, are based on call stack analysis. They proves to be very time-consuming, which makes them difficult to use in production environments. We therefore define the Component-Based Access Control (CBAC) Security Model, which aims at emulating Java Permissions through static analysis at the installation phase of the components. CBAC is based on a fully declarative approach, that makes it possible to tag arbitrary methods as sensitive. A formal model is defined to guarantee that a given component have sufficient access rights, and that dependencies between components are taken into account. A first implementation of the model is provided for the OSGi Platform, using the ASM library for code analysis. Performance tests show that the cost of CBAC at install time is negligible, because it is executed together with digital signature which is much more costly. Moreover, contrary to Java Permissions, the CBAC security model does not imply any runtime overhead.

show abstract

Static check analysis for Java stack inspection

Cited by 11 publications

References 19 publications

Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Visualization of Permission Checks in Java Using Static Analysis

Component-Based Access Control: Secure Software Composition through Static Analysis

Contact Info

Product

Resources

About