Secure calling contexts for stack inspection

Authors:
Frédéric Besson;Thomas de Grenier de Latour;Thomas Jensen
Affiliations:
IRISA, Campus de Beaulieu, France;IRISA, Campus de Beaulieu, France;IRISA, Campus de Beaulieu, France
Venue:
Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming
Year:
2002

Citing 18
Cited 13

Temporal and modal logic

Handbook of theoretical computer science (vol. B)
Object-oriented type systems

Object-oriented type systems
Formal language, grammar and set-constraint-based program analysis by abstract interpretation

FPCA '95 Proceedings of the seventh international conference on Functional programming languages and computer architecture
Fast static analysis of C++ virtual function calls

Proceedings of the 11th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Call graph construction in object-oriented languages

Proceedings of the 12th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Enforcing trace properties by program transformation

Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SASI enforcement of security policies: a retrospective

Proceedings of the 1999 workshop on New security paradigms
Static enforcement of security with types

ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Stack inspection: theory and variants

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Model checking security properties of control flow graphs

Journal of Computer Security
Principles of Program Analysis

Principles of Program Analysis
Compositional Verification of Secure Applet Interactions

FASE '02 Proceedings of the 5th International Conference on Fundamental Approaches to Software Engineering
Data-Flow-Based Virtual Function Resolution

SAS '96 Proceedings of the Third International Symposium on Static Analysis
Automatic synthesis of optimal invariant assertions: Mathematical foundations

Proceedings of the 1977 symposium on Artificial intelligence and programming languages
A new approach to mobile code security

A new approach to mobile code security
Going beyond the sandbox: an overview of the new security architecture in the javaTM development Kit 1.2

USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems

Languages of the future

OOPSLA '04 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Interfaces for stack inspection

Journal of Functional Programming
Languages of the future

ACM SIGPLAN Notices
A systematic approach to static access control

ACM Transactions on Programming Languages and Systems (TOPLAS)
Trace effects and object orientation

PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Static check analysis for Java stack inspection

ACM SIGPLAN Notices
Types and trace effects of higher order programs

Journal of Functional Programming
Types and trace effects for object orientation

Higher-Order and Symbolic Computation
A Type and Effect System for Flexible Abstract Interpretation of Java

Electronic Notes in Theoretical Computer Science (ENTCS)
Program Transformations under Dynamic Security Policies

Electronic Notes in Theoretical Computer Science (ENTCS)
Visualization of permission checks in java using static analysis

WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Computer security from a programming language and static analysis perspective

ESOP'03 Proceedings of the 12th European conference on Programming
Formal methods for smartcard security

Foundations of Security Analysis and Design III

Quantified Score

Hi-index	0.01

Visualization

Abstract

Stack inspection is a mechanism for programming secure applications by which a method can obtain information from the call stack about the code that (directly or indirectly) invoked it. This mechanism plays a fundamental role in the security architecture of Java and the .NET Common Language Runtime. A central problem with stack inspection is to determine to what extent the local checks inserted into the code are sufficient to guarantee that a global security property is enforced. In this paper, we present a technique for inferring a secure calling context for a method. By a secure calling context we mean a pre-condition on the call stack sufficient for guaranteeing that execution of the method will not violate a given global property. This is particularly useful for annotating library code in order to avoid having to re-analyse libraries for every new application. The technique is a constraint based static program analysis implemented via fixed point iteration over an abstract domain of linear temporal logic properties.