Title :
Bytecode Verification for Enhanced JVM Access Control
Author_Institution :
Sch. of Inf. Sci. & Technol., Tokyo Univ.
Abstract :
This paper presents an approach to addressing the known weaknesses and security issues of JVM stack inspection in a unified framework. We first propose an enhanced JVM access control mechanism. In this mechanism, values are also associated with security levels. When enforcing access control, this mechanism checks not only the permissions of code on stack as the usual stack inspection, but also the security levels of values to make sure they are used legally. We then present a static type system to verify whether a bytecode program satisfies the security property achieved by this enhanced mechanism. This type system performs modular and context-sensitive analysis at the method level by generating and solving constraints, and path-sensitive analysis at the code block level by using a trace-based approach. In addition, this type system does not need any user annotation for verification
Keywords :
Java; authorisation; program verification; JVM access control; JVM stack inspection; bytecode verification; security issues; trace-based approach; Access control; Failure analysis; Information security; Inspection; Java; Optimization methods; Performance analysis; Permission; Protection; Runtime;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.55
