A Simple Semantics and Static Analysis for Java Security
Authors: Anindya Banerjee and David A. Naumann, Stevens Institute of Technology, Hoboken, NJ 07030 USA
Abstract
Security in Java depends on an access control mechanism specified operationally in terms of run-time stack inspection. We give a denotational semantics in “eager” form, and show that it is equivalent to the “lazy” semantics using stack inspection. We give a static analysis of safety, i.e., the absence of security errors, that is significantly simpler than previous proposals. We identify several program transformations that can be used to remove run-time checks. We give complete, detailed proofs for safety of the analysis and for the transformations, exploiting compositionality of the “eager” semantics.
This material is based upon work supported by the National Science Foundation under Grants EIA-9806835 and INT-9813854.
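As an added illustration (not code from the paper), the following Python model runs one constructed program under both semantics the abstract contrasts: `run_lazy` performs a stack walk at every check, `run_eager` threads the enabled-permission set through calls so that a check depends only on that set, and the two agree on every outcome. `analyse` is a small static safety analysis over the call graph written in the spirit of the abstract (it is not the paper's analysis), and `remove_checks` applies the transformation it licenses. The method names, permission names and call graph are assumptions made for the example.

```python
"""Java stack inspection in lazy and eager form, plus a static safety analysis.
Added example, not code from the paper; methods, permissions and the call
graph are constructed. Inherited thread contexts of real Java are omitted."""
from dataclasses import dataclass

ALL = frozenset({"read", "write", "net"})   # constructed permission universe

@dataclass(frozen=True)
class Method:
    name: str
    domain: frozenset          # static permissions of the method's protection domain
    body: tuple                # actions: ("call", callee) or ("check", permission)
    privileged: bool = False   # body runs under doPrivileged

class SecurityError(Exception):
    pass

# Constructed program: untrusted applet code calls a trusted library. `logger`
# is privileged, so the applet's missing "write" does not block it; `fileio`
# is not, so its "write" check fails when reached through the applet.
PROGRAM = {
    "main":   Method("main", ALL, (("call", "applet"),)),
    "applet": Method("applet", frozenset({"read"}),
                     (("call", "logger"), ("call", "fileio"))),
    "logger": Method("logger", ALL, (("check", "write"),), privileged=True),
    "fileio": Method("fileio", ALL, (("check", "read"), ("check", "write"))),
}

def run_lazy(prog, name, stack=()):
    """Lazy semantics: each check walks the run-time stack from the most
    recent frame down and stops at the first privileged frame."""
    stack = stack + (prog[name],)
    for action, arg in prog[name].body:
        if action == "call":
            run_lazy(prog, arg, stack)
            continue
        for frame in reversed(stack):
            if arg not in frame.domain:
                raise SecurityError(f"{arg} denied in {name}")
            if frame.privileged:
                break

def enter(enabled, m):
    """Enabled set on entry to m: doPrivileged resets it to m's domain, else intersect."""
    return m.domain if (m.privileged or enabled is None) else enabled & m.domain

def run_eager(prog, name, enabled=None):
    """Eager semantics: the enabled set is threaded through calls, so each
    check is a function of that set alone and no stack walk is needed."""
    m = prog[name]
    enabled = enter(enabled, m)
    for action, arg in m.body:
        if action == "call":
            run_eager(prog, arg, enabled)
        elif arg not in enabled:
            raise SecurityError(f"{arg} denied in {name}")

def outcome(run, prog, entry="main"):
    """None if the run completes, else the security error message."""
    try:
        run(prog, entry)
        return None
    except SecurityError as e:
        return str(e)

def analyse(prog, entry="main"):
    """Static safety analysis: fixpoint over the call graph of every enabled set a
    method can be entered with; returns (safe, redundant checks that never fail)."""
    contexts = {n: set() for n in prog}
    contexts[entry].add(enter(None, prog[entry]))
    changed = True
    while changed:
        changed = False
        for name, m in prog.items():
            for enabled in list(contexts[name]):
                for action, arg in m.body:
                    if action == "call":
                        e2 = enter(enabled, prog[arg])
                        if e2 not in contexts[arg]:
                            contexts[arg].add(e2)
                            changed = True
    safe, redundant = True, []
    for name, m in prog.items():
        for action, arg in m.body:
            if action != "check" or not contexts[name]:
                continue                       # unreachable: nothing to check
            if all(arg in e for e in contexts[name]):
                redundant.append((name, arg))
            else:
                safe = False
    return safe, redundant

def remove_checks(prog, redundant):
    """Transformation: drop the checks the analysis proved can never fail."""
    gone = set(redundant)
    return {n: Method(m.name, m.domain,
                      tuple(a for a in m.body
                            if a[0] != "check" or (n, a[1]) not in gone),
                      m.privileged)
            for n, m in prog.items()}
```

`outcome(run_lazy, PROGRAM)` and `outcome(run_eager, PROGRAM)` report the same denial at `fileio`'s write check; `analyse(PROGRAM)` flags the program as unsafe for that check while marking `logger`'s write check and `fileio`'s read check as redundant, and after `remove_checks` both semantics still stop at the same point. The eager form is what makes the analysis compositional: the context of a call is a single set, not a stack, so the fixpoint ranges over finitely many sets.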
Similar sources
A Simple Semantics and Static Analysis for Stack Inspection
The Java virtual machine and the .NET common language runtime feature an access control mechanism specified operationally in terms of run-time stack inspection. We give a denotational semantics in “eager” form, and show that it is equivalent to the “lazy” semantics using stack inspection. We give a static analysis of safety, i.e., the absence of security errors, that is simpler than previous pr...
A Formal Model of Access Control for Mobile Interactive Devices
This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java MIDP security architecture used in Java-enabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a c...
Verifying a Secure Information Flow Analyzer
Denotational semantics for a substantial fragment of Java is formalized by deep embedding in PVS, making extensive use of dependent types. A static analyzer for secure information flow for this language is proved correct, that is, it enforces noninterference.
Verifying resource access control on mobile interactive devices
A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain...
Taking into account Java’s Security Manager for static verification
The verification of Java programs is a difficult task, especially with components like the Security Manager, which modify the semantics of the Java Virtual Machine (JVM). To model this invasive behaviour, the Security Manager can be implemented as an aspect component using AspectJ. In this paper we describe a framework for static verification of Java programs containing AspectJ advices specified ...
Publication date: 2001