• DocumentCode
    3129219
  • Title
    From stack inspection to access control: a security analysis for libraries
  • Author
    Besson, Frédéric ; Blanc, Tomasz ; Fournet, Cédric ; Gordon, Andrew D.
  • fYear
    2004
  • fDate
    28-30 June 2004
  • Firstpage
    61
  • Lastpage
    75
  • Abstract
    We present a new static analysis for reviewing the security of libraries for systems, such as JVMs or the CLR, that rely on stack inspection for access control. We describe its implementation for the CLR. Our tool inputs a set of libraries plus a description of the permissions granted to unknown, potentially hostile code. It constructs a permission-sensitive call graph, which can be queried to identify potential security defects. It has been applied to large pre-existing libraries. We also develop a new formal model of the essentials of access control in the CLR (types, classes and inheritance, access modifiers, permissions, and stack inspection). In this model, we state and prove the correctness of the analysis.
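    The two ingredients the abstract names, a stack-inspection semantics and a permission-sensitive call graph that can be queried for defects, as a small Python model. This is an added illustration and not the paper's tool, its formal model, or the CLR: the `Method`, `run`, `analyse` and `denied` names, the four-op body vocabulary, the two finding kinds and the sample library are all invented here, and the demand walk is a simplified one (frames checked from the current one downwards, stopping at an asserting frame).

```python
"""Toy model of CLR-style stack inspection and a permission-sensitive call graph.
Added illustration only: not the paper's tool, its formal model, or the CLR.
Permissions are strings; a method body is a straight-line list of ops:
  ("demand", P)     walk the stack for P, SecurityException on failure
  ("assert", P)     later walks for P stop at this frame (void unless P granted)
  ("call", name)    invoke another method
  ("primitive", P)  sensitive effect that should only run under a demand for P
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple

Perm = str
Node = Tuple[str, FrozenSet[Perm]]        # (method, permissions a demand there would pass for)


@dataclass
class Method:
    name: str
    grants: FrozenSet[Perm]               # permission set of the defining assembly
    body: List[Tuple[str, str]] = field(default_factory=list)
    public: bool = False                  # callable from other assemblies


class SecurityException(Exception):
    pass


def run(methods, name, stack=()):
    """Dynamic semantics (simplified): a demand for P checks frames from the
    current one down, fails at the first not granted P, stops at one that
    asserted P.  Returns the (method, permission) primitives that executed."""
    m = methods[name]
    frame = (m.grants, set())             # (grants, asserted permissions)
    stack = stack + (frame,)
    executed = []
    for op, arg in m.body:
        if op == "demand":
            for grants, asserted in reversed(stack):
                if arg not in grants:
                    raise SecurityException(f"{name}: demand for {arg} failed")
                if arg in asserted:
                    break
        elif op == "assert":
            if arg in m.grants:           # asserting an ungranted permission is void
                frame[1].add(arg)
        elif op == "call":
            executed += run(methods, arg, stack)
        elif op == "primitive":
            executed.append((name, arg))
    return executed


def denied(methods, name):
    """True if running `name` from an empty stack ends in a SecurityException."""
    try:
        run(methods, name)
        return False
    except SecurityException:
        return True


def analyse(methods, untrusted):
    """Static semantics: explore every public method as if called by unknown
    code granted `untrusted`, tracking which demands could still succeed.
    Returns (call-graph edges between Nodes, [(kind, method, permission)])."""
    edges, findings, seen = set(), [], set()

    def visit(name, avail):
        m = methods[name]
        avail = avail & m.grants          # a frame lacking P makes a demand for P fail
        node = (name, avail)
        if node in seen:
            return
        seen.add(node)
        for op, arg in m.body:
            if op == "demand":
                if arg not in avail:
                    return                # throws here; the rest is unreachable on this path
            elif op == "assert":
                if arg in m.grants:
                    avail = avail | {arg} # deeper demands for arg succeed regardless of callers
            elif op == "call":
                edges.add((node, (arg, avail & methods[arg].grants)))
                visit(arg, avail)
            elif op == "primitive":
                if arg not in avail:      # no demand could have guarded this effect
                    findings.append(("UNPROTECTED", name, arg))
                elif arg not in untrusted:  # reachable only thanks to an assert: review it
                    findings.append(("ELEVATED", name, arg))

    for m in methods.values():
        if m.public:
            visit(m.name, untrusted)
    return edges, findings


UNTRUSTED = frozenset({"UI"})             # what unknown code is granted (constructed)
LIB = frozenset({"UI", "FileIO"})         # the library's own grant set (constructed)
SAMPLE = {m.name: m for m in [            # constructed sample library plus two hostile callers
    Method("File.Write", LIB, [("demand", "FileIO"), ("primitive", "FileIO")], public=True),
    Method("Ui.Refresh", LIB, [("demand", "UI"), ("primitive", "UI")], public=True),
    Method("Log.Append", LIB, [("assert", "FileIO"), ("call", "File.Write")], public=True),
    Method("Cache.Flush", LIB, [("primitive", "FileIO")], public=True),
    Method("Unknown.ViaLog", UNTRUSTED, [("call", "Log.Append")]),
    Method("Unknown.Direct", UNTRUSTED, [("call", "File.Write")]),
]}

if __name__ == "__main__":
    for finding in sorted(analyse(SAMPLE, UNTRUSTED)[1]):
        print(finding)
```

    Reading the output: an UNPROTECTED finding is a sensitive effect that unknown code reaches with no demand on the path that could have stopped it (`Cache.Flush` here); an ELEVATED finding is one reachable only because some frame asserted the permission (`Log.Append` asserting FileIO before calling `File.Write`), which is exactly the kind of assert a library review has to justify. `run` on the two hostile callers confirms the static verdicts dynamically: the call through `Log.Append` succeeds, the direct call to `File.Write` is denied.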
  • Keywords
    authorisation; object-oriented programming; program diagnostics; software libraries; CLR; JVM; access control; access modifier; formal model; permission-sensitive call graph; potential security defects; potentially hostile code; security analysis; software libraries; stack inspection; static analysis; Access control; Documentation; Inspection; Java; Permission; Runtime library; Security; Software libraries; Testing; Virtual machining;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE
  • ISSN
    1063-6900
  • Print_ISBN
    0-7695-2169-X
  • Type
    conf
  • DOI
    10.1109/CSFW.2004.1310732
  • Filename
    1310732