Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ECOOP
2005
Springer
2005
Springer
Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection
In Java 2 and Microsoft .NET Common Language Runtime (CLR), trusted code has often been programmed to perform accessrestricted operations not explicitly requested by its untrusted clients. Since an untrusted client will be on the call stack when access control is enforced, an access-restricted operation will not succeed unless the client is authorized. To avoid this, a portion of the trusted code can be made “privileged.” When access control is enforced, privileged code causes the stack traversal to stop at the trusted code frame, and the untrusted code stack frames will not be checked for authorization. For large programs, manually understanding which portions of code should be made privileged is a difficult task. Developers must understand which authorizations will implicitly be extended to client code and make sure that the values of the variables used by the privileged code are not “tainted” by client code. This paper presents an interprocedural analysis for Java bytecode t...
Real-time Traffic| Added | 27 Jun 2010 |
| Updated | 27 Jun 2010 |
| Type | Conference |
| Year | 2005 |
| Where | ECOOP |
| Authors | Marco Pistoia, Robert J. Flynn, Larry Koved, Vugranam C. Sreedhar |
Comments (0)
Researcher Info
|
