Sciweavers

CSFW
2004
IEEE

From Stack Inspection to Access Control: A Security Analysis for Libraries

We present a new static analysis for reviewing the security of libraries for systems, such as JVMs or the CLR, that rely on stack inspection for access control. We describe its implementation for the CLR. Our tool inputs a set of libraries plus a description of the permissions granted to unknown, potentially hostile code. It constructs a permission-sensitive call graph, which can be queried to identify potential security defects. It has been applied to large pre-existing libraries. We also develop a new formal model of the essentials of access control in the CLR (types, classes and inheritance, access modifiers, permissions, and stack inspection). In this model, we state and prove the correctness of the analysis.
Added: 20 Aug 2010
Updated: 20 Aug 2010
Type: Conference
Year: 2004
Where: CSFW
Authors: Frédéric Besson, Tomasz Blanc, Cédric Fournet, Andrew D. Gordon