Title :
Modular string-sensitive permission analysis with demand-driven precision
Author :
Geay, Emmanuel ; Pistoia, Marco ; Tateishi, Takaaki ; Ryder, Barbara G. ; Dolby, Julian
Author_Institution :
IBM T. J. Watson Res. Center, Hawthorne, NY
Abstract :
In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too many constitute a security hole. We have designed and implemented a composite algorithm for precise static permission analysis for Java and the CLR. Unlike previous work, the analysis is modular and fully integrated with a novel slicing-based string analysis that is used to statically compute the string values defining a permission and disambiguate permission propagation paths. The results of our research prototype on production-level Java code support the effectiveness, practicality, and precision of our techniques, and show outstanding improvement over previous work.
Keywords :
Java; authorisation; object-oriented programming; program slicing; CLR; Java; access control restrictions; component assembling; composite algorithm; demand-driven precision; modern software systems; modular string-sensitive permission analysis; run-time authorization failures; security hole; slicing-based string analysis; static permission analysis; Algorithm design and analysis; Authorization; Inspection; Java; Laboratories; Permission; Prototypes; Runtime environment; Security; Testing;
Conference_Title :
Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on
Conference_Location :
Vancouver, BC
Print_ISBN :
978-1-4244-3453-4
DOI :
10.1109/ICSE.2009.5070519