Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICSE
2009
IEEE-ACM
2009
IEEE-ACM
Modular string-sensitive permission analysis with demand-driven precision
In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too many constitute a security hole. We have designed and implemented a composite algorithm for precise static permission analysis for Java and the CLR. Unlike previous work, the analysis is modular and fully integrated with a novel slicing-based string analysis that is used to statically compute the string values defining a permission and disambiguate permission propagation paths. The results of our research prototype on production-level Java code support the effectiveness, practicality, and precision of our techniques, and show outstanding improvement over previous work.
Real-time Traffic| Added | 17 Nov 2009 |
| Updated | 17 Nov 2009 |
| Type | Conference |
| Year | 2009 |
| Where | ICSE |
| Authors | Emmanuel Geay, Marco Pistoia, Takaaki Tateishi, Barbara G. Ryder, Julian Dolby |
Comments (0)
Researcher Info
|
