Automatic verification of finite-state concurrent systems using temporal logic specifications
ACM Transactions on Programming Languages and Systems (TOPLAS)
Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Pointer-induced aliasing: a problem classification
POPL '91 Proceedings of the 18th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Properties of data flow frameworks: a unified model
Acta Informatica
Interprocedural static analysis of sequencing constraints
ACM Transactions on Software Engineering and Methodology (TOSEM)
The temporal logic of reactive and concurrent systems
The temporal logic of reactive and concurrent systems
Data flow analysis for verifying properties of concurrent programs
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
The security of static typing with dynamic linking
Proceedings of the 4th ACM conference on Computer and communications security
A type system for Java bytecode subroutines
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLam calculus: programming with secrecy and integrity
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Security properties of typed applets
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Improving efficiency of symbolic model checking for state-based system requirements
Proceedings of the 1998 ACM SIGSOFT international symposium on Software testing and analysis
Data flow analysis for checking properties of concurrent Java programs
Proceedings of the 21st international conference on Software engineering
Inside Java 2 platform security architecture, API design, and implementation
Inside Java 2 platform security architecture, API design, and implementation
Scalable propagation-based call graph construction algorithms
OOPSLA '00 Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A formal specification of Java class loading
OOPSLA '00 Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A sound type system for secure flow analysis
Journal of Computer Security
Security verification of programs with stack inspection
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Pointer analysis: haven't we solved this problem yet?
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Extending and evaluating flow-insenstitive and context-insensitive points-to analyses for Java
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A framework for call graph construction algorithms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Flow Analysis of Computer Programs
Flow Analysis of Computer Programs
Java 2 Network Security
Evaluating Deadlock Detection Methods for Concurrent Software
IEEE Transactions on Software Engineering
Tool Support for Planning the Restructuring of Data Abstractions in Large Systems
IEEE Transactions on Software Engineering
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
The Murphi Verification System
CAV '96 Proceedings of the 8th International Conference on Computer Aided Verification
Automated analysis of cryptographic protocols using Mur/spl phi/
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Finite-state analysis of SSL 3.0
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Static analysis of role-based access control in J2EE applications
ACM SIGSOFT Software Engineering Notes
A systematic approach to static access control
ACM Transactions on Programming Languages and Systems (TOPLAS)
Program analysis for security and privacy
ECOOP'06 Proceedings of the 2006 conference on Object-oriented technology: ECOOP 2006 workshop reader
| Hi-index | 0.00 |
Open distributed systems are becoming increasingly popular. Such systems include components that may be obtained from a number of different sources. For example, Java allows run-time loading of software components residing on remote machines. One unfortunate side-effect of this openness is the possibility that "hostile" software components may compromise the security of both the program and the system on which it runs. Java offers a built-in security mechanism, using which programmers can give permissions to distributed components and check these permissions at run-time. This security model is flexible, but using it is not straightforward, which may lead to insufficiently tight permission checking and therefore breaches of security.In this paper, we propose a data flow algorithm for automated analysis of the flow of permissions in Java programs. Our algorithm produces, for a given instruction in the program, a set of permissions that are checked on all possible executions up to this instruction. This information can be used in program understanding tools or directly for checking properties that assert what permissions must always be checked before access to certain functionality is allowed. The worst-case complexity of our algorithm is low-order polynomial in the number of program statements and permission types, while comparable previous approaches have exponential costs.