• DocumentCode
    2414704
  • Title

    Bytecode Verification for Enhanced JVM Access Control

  • Author

    Liu, Dongxi

  • Author_Institution
    Sch. of Inf. Sci. & Technol., Tokyo Univ.
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    162
  • Lastpage
    172
  • Abstract
    This paper presents an approach to addressing the known weaknesses and security issues of JVM stack inspection in a unified framework. We first propose an enhanced JVM access control mechanism. In this mechanism, values are also associated with security levels. When enforcing access control, this mechanism checks not only the permissions of code on stack as the usual stack inspection, but also the security levels of values to make sure they are used legally. We then present a static type system to verify whether a bytecode program satisfies the security property achieved by this enhanced mechanism. This type system performs modular and context-sensitive analysis at the method level by generating and solving constraints, and path-sensitive analysis at the code block level by using a trace-based approach. In addition, this type system does not need any user annotation for verification
  • Keywords
    Java; authorisation; program verification; JVM access control; JVM stack inspection; bytecode verification; security issues; trace-based approach; Access control; Failure analysis; Information security; Inspection; Java; Optimization methods; Performance analysis; Permission; Protection; Runtime;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.55
  • Filename
    4159800