Title :
From stack inspection to access control: a security analysis for libraries
Author :
Besson, Frédéric ; Blanc, Tomasz ; Fournet, Cédric ; Gordon, Andrew D.
Abstract :
We present a new static analysis for reviewing the security of libraries for systems, such as JVMs or the CLR, that rely on stack inspection for access control. We describe its implementation for the CLR. Our tool inputs a set of libraries plus a description of the permissions granted to unknown, potentially hostile code. It constructs a permission-sensitive call graph, which can be queried to identify potential security defects. It has been applied to large pre-existing libraries. We also develop a new formal model of the essentials of access control in the CLR (types, classes and inheritance, access modifiers, permissions, and stack inspection). In this model, we state and prove the correctness of the analysis.
Keywords :
authorisation; object-oriented programming; program diagnostics; software libraries; CLR; JVM; access control; access modifier; formal model; permission-sensitive call graph; potential security defects; potentially hostile code; security analysis; software libraries; stack inspection; static analysis; Access control; Documentation; Inspection; Java; Permission; Runtime library; Security; Software libraries; Testing; Virtual machining;
Conference_Titel :
Computer Security Foundations Workshop, 2004. Proceedings. 17th IEEE
Print_ISBN :
0-7695-2169-X
DOI :
10.1109/CSFW.2004.1310732
