Interprocedural slicing using dependence graphs
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
Control flow analysis in scheme
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
Componential set-based analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Data-flow analysis of program fragments
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
A framework for call graph construction algorithms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Access rights analysis for Java
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
The Confused Deputy: (or why capabilities might have been invented)
ACM SIGOPS Operating Systems Review
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Enforcing Robust Declassification
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Modular set-based analysis from contracts
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
Journal of Software Maintenance and Evolution: Research and Practice - Source Code Analysis and Manipulation (SCAM 2006)
Symbolic String Verification: An Automata-Based Approach
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Interprocedural analysis for privileged code placement and tainted variable detection
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
SessionShield: lightweight protection against session hijacking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Transactions on computational science XI
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Hi-index | 0.00 |
In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too many constitute a security hole. We have designed and implemented a composite algorithm for precise static permission analysis for Java and the CLR. Unlike previous work, the analysis is modular and fully integrated with a novel slicing-based string analysis that is used to statically compute the string values defining a permission and disambiguate permission propagation paths. The results of our research prototype on production-level Java code support the effectiveness, practicality, and precision of our techniques, and show outstanding improvement over previous work.