Verifying resource access control on mobile interactive devices

Authors:
Frédéric Besson;Guillaume Dufay;Thomas Jensen;David Pichardie
Affiliations:
Inria Rennes, Campus de Beaulieu, Rennes Cedex, France;Inria Rennes, Campus de Beaulieu, Rennes Cedex, France and Trusted Labs, Versailles, France;CNRS, Campus de Beaulieu, Rennes Cedex, France;(Correspd. E-mail: david.pichardie@irisa.fr) Inria Rennes, Campus de Beaulieu, Rennes Cedex, France
Venue:
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Year:
2010

Citing 15
Cited 0

Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Introduction to set constraint-based program analysis

Science of Computer Programming
Stack inspection: theory and variants

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Resource usage analysis

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Resource access control in systems of mobile agents

Information and Computation
Model checking security properties of control flow graphs

Journal of Computer Security
Principles of Program Analysis

Principles of Program Analysis
A Systematic Approach to Static Access Control

ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Interfaces for stack inspection

Journal of Functional Programming
A class of polynomially solvable range constraints for interval analysis without widenings

Theoretical Computer Science - Tools and algorithms for the construction and analysis of systems (TACAS 2004)
Extracting control from data: user interfaces of MIDP applications

TGC'07 Proceedings of the 3rd conference on Trustworthy global computing
Enforcing resource bounds via static verification of dynamic checks

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
History-based access control with local policies

FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
A formal model of access control for mobile interactive devices

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Accelerated data-flow analysis

SAS'07 Proceedings of the 14th international conference on Static Analysis

Quantified Score

Hi-index	0.00

Visualization

Abstract

A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain number of times. We define a program model based on control flow graphs together with its operational semantics and provide a formal definition of the basic security policy to enforce viz that an application will always ask for a permission before using it to access a resource. A static analysis which enforces the security policy is defined and proved correct. A constraint solving algorithm implementing the analysis is presented.