Static check analysis for Java stack inspection
ACM SIGPLAN Notices
Enforcing authorization policies using transactional memory introspection
Proceedings of the 15th ACM conference on Computer and communications security
Visualization of permission checks in java using static analysis
WISA'06 Proceedings of the 7th international conference on Information security applications: PartI
Automatic generation of history-based access control from information flow specification
ATVA'10 Proceedings of the 8th international conference on Automated technology for verification and analysis
On-device control flow verification for Java programs
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Interprocedural analysis for privileged code placement and tainted variable detection
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Hi-index | 0.00 |
We present a new static analysis for reviewing the securityof libraries for systems, such as JVMs or the CLR,that rely on stack inspection for access control. We describeits implementation for the CLR. Our tool inputs a set of librariesplus a description of the permissions granted to unknown,potentially hostile code. It constructs a permission-sensitivecall graph, which can be queried to identify potentialsecurity defects. It has been applied to large pre-existinglibraries.We also develop a new formal model of the essentials ofaccess control in the CLR (types, classes and inheritance,access modifiers, permissions, and stack inspection). In thismodel, we state and prove the correctness of the analysis.