Interprocedural slicing using dependence graphs
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
Control flow analysis in scheme
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
Thinking in Java
Access rights analysis for Java
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Linux Security Modules: General Security Support for the Linux Kernel
Proceedings of the 11th USENIX Security Symposium
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Composing security policies with polymer
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Software Security: Building Security In
Software Security: Building Security In
Robust composition: towards a unified approach to access control and concurrency control
Robust composition: towards a unified approach to access control and concurrency control
Modular string-sensitive permission analysis with demand-driven precision
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
The 6th International Workshop on Software Engineering for Secure Systems (SESS'10)
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
| Hi-index | 0.00 |
Applications are typically executed in the security context of the user. Nonetheless, they do not need all the access rights. Since software vulnerabilities based attacks are not rare nowadays, executing applications with minimal rights (least privileges) is desirable. Attackers would only be able to access a fraction of resources. The state-of-the-art on application-based access control policy generation does not generate least privileges policies. They include generic access rights for user resources (e.g. the home directory), since accesses by the user cannot be predicted. This paper distinguishes resource accesses initiated by the application from those initiated by the user and generates an application policy, which only contains access rights that are not derived from user interaction. The so generated policy satisfies the principle of least privileges. User initiated accesses are handled separately at runtime. In this paper, a call graph based static analysis approach for application policy generation is chosen, which is augmented by an additional string analysis to identify user input propagating through the application's control flow, until it reaches permission checks. This way, user initiated accesses are determined and filtered. The policy is auto-generated at development time with little effort for the developer.