Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
The security of static typing with dynamic linking
Proceedings of the 4th ACM conference on Computer and communications security
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
Advanced compiler design and implementation
Advanced compiler design and implementation
A security analysis of VAX VMS
ACM '85 Proceedings of the 1985 ACM annual conference on The range of computing : mid-80's perspective: mid-80's perspective
A sound type system for secure flow analysis
Journal of Computer Security
A slicing-based approach for locating type errors
ACM Transactions on Software Engineering and Methodology (TOSEM)
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A unified approach to global program optimization
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Java 2 Network Security
Programming Perl
Access rights analysis for Java
OOPSLA '02 Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
A Systematic Approach to Static Access Control
ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis
ECOOP '95 Proceedings of the 9th European Conference on Object-Oriented Programming
The Cartesian Product Algorithm: Simple and Precise Type Inference Of Parametric Polymorphism
ECOOP '95 Proceedings of the 9th European Conference on Object-Oriented Programming
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Programming .NET Security
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A new approach to mobile code security
A new approach to mobile code security
From Stack Inspection to Access Control: A Security Analysis for Libraries
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Stack inspection and secure program transformations
International Journal of Information Security - Special issue on security in global computing
Static analysis of role-based access control in J2EE applications
ACM SIGSOFT Software Engineering Notes
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Dimensions of precision in reference analysis of object-oriented programming languages
CC'03 Proceedings of the 12th international conference on Compiler construction
Java security: from hotjava to netscape and beyond
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Data-centric security: role analysis and role typestates
Proceedings of the eleventh ACM symposium on Access control models and technologies
A microkernel virtual machine:: building security with clear interfaces
Proceedings of the 2006 workshop on Programming languages and analysis for security
Role-Based access control consistency validation
Proceedings of the 2006 international symposium on Software testing and analysis
The case for analysis preserving language transformation
Proceedings of the 2006 international symposium on Software testing and analysis
When Role Models Have Flaws: Static Validation of Enterprise Security Policies
ICSE '07 Proceedings of the 29th international conference on Software Engineering
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Modular string-sensitive permission analysis with demand-driven precision
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Program analysis for security and privacy
ECOOP'06 Proceedings of the 2006 conference on Object-oriented technology: ECOOP 2006 workshop reader
Tainted flow analysis on e-SSA-form programs
CC'11/ETAPS'11 Proceedings of the 20th international conference on Compiler construction: part of the joint European conferences on theory and practice of software
A security policy oracle: detecting security holes using multiple API implementations
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
RoleCast: finding missing security checks when you do not know what checks are
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
SAFERPHP: finding semantic vulnerabilities in PHP applications
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Recovering role-based access control security models from dynamic web applications
ICWE'12 Proceedings of the 12th international conference on Web Engineering
ANDROMEDA: accurate and scalable security analysis of web applications
FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
Efficient static checker for tainted variable attacks
Science of Computer Programming
| Hi-index | 0.00 |
In Java 2 and Microsoft .NET Common Language Runtime (CLR), trusted code has often been programmed to perform access-restricted operations not explicitly requested by its untrusted clients. Since an untrusted client will be on the call stack when access control is enforced, an access-restricted operation will not succeed unless the client is authorized. To avoid this, a portion of the trusted code can be made “privileged.” When access control is enforced, privileged code causes the stack traversal to stop at the trusted code frame, and the untrusted code stack frames will not be checked for authorization. For large programs, manually understanding which portions of code should be made privileged is a difficult task. Developers must understand which authorizations will implicitly be extended to client code and make sure that the values of the variables used by the privileged code are not “tainted” by client code. This paper presents an interprocedural analysis for Java bytecode to automatically identify which portions of trusted code should be made privileged, ensure that there are no tainted variables in privileged code, and detect “unnecessary” and “redundant” privileged code. We implemented the algorithm and present the results of our analyses on a set of large programs. While the analysis techniques are in the context of Java code, the basic concepts are also applicable to non-Java systems with a similar authorization model.