An efficient security verification method for programs with stack inspection

Authors:
Naoya Nitta;Yoshiaki Takata;Hiroyuki Seki
Affiliations:
Nara Institute of Science and Technology, Takayama, Ikoma, Nara, Japan;Nara Institute of Science and Technology, Takayama, Ikoma, Nara, Japan;Nara Institute of Science and Technology, Takayama, Ikoma, Nara, Japan
Venue:
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Year:
2001

Citing 12
Cited 6

A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
The SLam calculus: programming with secrecy and integrity

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Indexed Grammars—An Extension of Context-Free Grammars

Journal of the ACM (JACM)
Model checking

Model checking
Certification of programs for secure information flow

Communications of the ACM
A lattice model of secure information flow

Communications of the ACM
Security verification of programs with stack inspection

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Introduction To Automata Theory, Languages, And Computation

Introduction To Automata Theory, Languages, And Computation
Can you Trust your Data?

TAPSOFT '95 Proceedings of the 6th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
A Type-Based Approach to Program Security

TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
New security architectural directions for Java

COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference

Static check analysis for Java stack inspection

ACM SIGPLAN Notices
A Labeled Transition Model A-LTS for History-Based Aspect Weaving and Its Expressive Power

IEICE - Transactions on Information and Systems
Visualization of permission checks in java using static analysis

WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Automatic generation of history-based access control from information flow specification

ATVA'10 Proceedings of the 8th international conference on Automated technology for verification and analysis
A static analysis using tree automata for XML access control

ATVA'05 Proceedings of the Third international conference on Automated Technology for Verification and Analysis
HBAC: a model for history-based access control and its model checking

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Stack inspection is a key technology for runtime access control of programs in a network environment. In this paper, a verification problem to decide whether a given program with stack inspection satisfies a given security property is discussed. First, the computational complexity of the problem is investigated. Since the result implies the problem is computationally intractable in general, we introduce a practically important subclass of programs which exactly model programs containing check Permission of Java development kit 1.2. We show that the problem for this subclass is solvable in linear time in the size of a program.