Static enforcement of security with types

SkalkaChristian,; SmithScott,

doi:10.1145/357766.351244

Cited by 22 publications

(39 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A major topic of recent interest is secure information flow [Abadi et al 1999;Denning 1976;Smith and Volpano 1998;Volpano and Smith 1997], which associates high and low security levels with expressions and tries to prevent high-security data from "leaking" to low-security outputs. Other examples of security-related annotation systems are lambda calculus with trust annotations [Ørbaek and Palsberg 1997] and Java security checking [Skalka and Smith 2000]. These systems include checks for implicit flows from conditional guards to the body of the conditional.…”

Section: Flow-insensitive Type Qualifiersmentioning

confidence: 99%

Flow-insensitive type qualifiers

Foster

Johnson

Kodumal

et al. 2006

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

We describe flow-insensitive type qualifiers, a lightweight, practical mechanism for specifying and checking properties not captured by traditional type systems. We present a framework for adding new, user-specified type qualifiers to programming languages with static type systems, such as C and Java. In our system, programmers add a few type qualifier annotations to their program, and automatic type qualifier inference determines the remaining qualifiers and checks the annotations for consistency. We describe a tool CQUAL for adding type qualifiers to the C programming language. Our tool CQUAL includes a visualization component for displaying browsable inference results to the programmer. Finally, we present several experiments using our tool, including inferring const qualifiers, finding security vulnerabilities in several popular C programs, and checking initialization data usage in the Linux kernel. Our results suggest that inference and visualization make type qualifiers lightweight, that type qualifier inference scales to large programs, and that type qualifiers are applicable to a wide variety of problems.

show abstract

Section: Flow-insensitive Type Qualifiersmentioning

confidence: 99%

Flow-insensitive type qualifiers

Foster

Johnson

Kodumal

et al. 2006

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

show abstract

“…Based on this insight, Skalka and Smith [2000] have developed a static type system of code-level access control for a variant of the lambda calculus by refining the type system of the lambda calculus with access privilege information. They have proved the soundness of the type system, which ensures that a well-typed program will not cause security violation.…”

Section: Introductionmentioning

confidence: 99%

“…Pottier et al [2005] further refined this type system. Banerjee and Naumann [2001] have defined a denotational semantics for a language similar to the calculus considered in Skalka and Smith [2000] and Pottier et al [2005], which provides additional assurance of the safety of this type-based approach. As a static verification system, this approach does not incur any runtime overhead, and detects all access violations at compile time.…”

Section: Introductionmentioning

confidence: 99%

“…Since underlying type systems only check the type consistency of each instruction against the machine state and do not reflect static semantics of the code, it is not immediately obvious that the idea of static access effect, as exploited in Skalka and Smith [2000] and Pottier et al [2005], can be smoothly integrated.…”

Section: Introductionmentioning

confidence: 99%

“…In this formalism, the type system represents static semantics of a code language, just as the type system of the lambda calculus does. This property allows us to transfer the concepts and methods developed for the lambda calculus in Skalka and Smith [2000] to the Java bytecode language.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A static type system for JVM access control

Higuchi

Ohori

2007

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

This article presents a static type system for the Java virtual machine (JVM) code that enforces an access control mechanism similar to that found in a Java implementation. In addition to verifying type consistency of a given JVM code, the type system statically verifies whether the code accesses only those resources that are granted by the prescribed access policy. The type system is proved to be sound with respect to an operational semantics that enforces access control dynamically, similar to Java stack inspection. This result ensures that "well-typed code cannot violate access policy." The authors then develop a type inference algorithm and show that it is sound with respect to the type system. These results allow us to develop a static system for JVM access control, without resorting to costly runtime stack inspection. ACM Reference Format:Higuchi, T. and Ohori, A. 2007. A static type system for JVM access control.

show abstract

A Tail-Recursive Semantics for Stack Inspections

Clements

Felleisen

2003

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. Security folklore holds that a security mechanism based on stack inspection is incompatible with a global tail call optimization policy. An implementation of such a language may have to allocate memory for a source-code tail call, and a program that uses only tail calls (and no other memory-allocating construct) may nevertheless exhaust the available memory. In this paper, we prove this widely held belief wrong. We exhibit an abstract machine for a language with security stack inspection whose space consumption function is equivalent to that of the canonical tail call optimizing abstract machine. Our machine is surprisingly simple and suggests that tail-calls are as easy to implement in a security setting as they are in a conventional one.

show abstract

Static enforcement of security with types

Cited by 22 publications

References 11 publications

Flow-insensitive type qualifiers

Flow-insensitive type qualifiers

A static type system for JVM access control

A Tail-Recursive Semantics for Stack Inspections

Contact Info

Product

Resources

About