DOI: 10.1145/582419.582452

Access rights analysis for Java

Published: 04 November 2002

Abstract

Java 2 has a security architecture that protects systems from unauthorized access by mobile or statically configured code. The problem is in manually determining the set of security access rights required to execute a library or application. The commonly used strategy is to execute the code, note authorization failures, allocate additional access rights, and test again. This process iterates until the code successfully runs for the test cases in hand. Test cases usually do not cover all paths through the code, so failures can occur in deployed systems. Conversely, a broad set of access rights is allocated to the code to prevent authorization failures from occurring. However, this often leads to a violation of the "Principle of Least Privilege".

This paper presents a technique for computing the access rights requirements by using a context-sensitive, flow-sensitive, interprocedural data flow analysis. By using this analysis, we compute at each program point the set of access rights required by the code. We model features such as multi-threading, implicitly defined security policies, the semantics of the Permission.implies method, and generation of a security policy description. We implemented the algorithms and present the results of our analysis on a set of programs. While the analysis techniques described in this paper are in the context of Java code, the basic techniques are applicable to access rights analysis issues in non-Java-based systems.
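To make the idea in the abstract concrete, the following Java program is an added example (it is not the paper's implementation, and the call graph, method names such as `Lib.readUserFile`, and the permission checks are a constructed toy program). It performs a deliberately simplified, flow-insensitive version of the analysis: access rights are propagated backwards over the call graph from the `checkPermission` sinks to every caller, the propagation stops at a `doPrivileged` boundary (the frame that called `doPrivileged` is still charged, its callers are not), each method's set is minimised with the real `java.security.Permission.implies` semantics, and the result is rendered in `java.policy` grant syntax. The class and method names (`AccessRightsDemo`, `Edge`, `analyse`, `minimise`, `toPolicy`) are chosen here.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.Set;

/**
 * Added example, not the paper's implementation: a flow-insensitive sketch of
 * backward propagation of required access rights over a call graph. Rights
 * flow from the permission checks (the sinks) to every caller, stop at a
 * doPrivileged boundary, are minimised with Permission.implies, and are
 * printed in java.policy grant syntax. The program, its method names and its
 * checks are a constructed toy, not code analysed in the paper.
 */
public class AccessRightsDemo {

    /** A call-graph edge; {@code privileged} is true when the call is made from
     *  inside an AccessController.doPrivileged block in the caller. */
    record Edge(String caller, String callee, boolean privileged) {}

    static final List<Edge> EDGES = List.of(
        new Edge("App.main",         "Lib.loadConfig",         false),
        new Edge("App.main",         "Lib.readUserFile",       false),
        new Edge("Lib.loadConfig",   "Lib.readSystemProperty", true),   // doPrivileged boundary
        new Edge("Lib.readUserFile", "Lib.read",               false));

    /** Permission checks found directly in a method body (constructed sample). */
    static final Map<String, List<Permission>> CHECKS = Map.of(
        "Lib.readSystemProperty", List.<Permission>of(new PropertyPermission("app.home", "read")),
        "Lib.readUserFile",       List.<Permission>of(new FilePermission("/etc/app/user.conf", "read")),
        "Lib.read",               List.<Permission>of(new FilePermission("/etc/app/-", "read")));

    static Set<String> methods() {
        Set<String> all = new LinkedHashSet<>();
        for (Edge e : EDGES) { all.add(e.caller()); all.add(e.callee()); }
        all.addAll(CHECKS.keySet());
        return all;
    }

    /**
     * exported(m): rights a caller of m is charged with (stack inspection walks
     * through m into its caller). required(m): rights m's own protection domain
     * must hold, i.e. exported(m) plus whatever its privileged calls need, since
     * the frame that called doPrivileged is still inspected.
     */
    static Map<String, Set<Permission>> analyse() {
        Map<String, Set<Permission>> exported = new LinkedHashMap<>();
        Map<String, Set<Permission>> required = new LinkedHashMap<>();
        for (String m : methods()) {
            exported.put(m, new LinkedHashSet<>(CHECKS.getOrDefault(m, List.of())));
            required.put(m, new LinkedHashSet<>(CHECKS.getOrDefault(m, List.of())));
        }
        boolean changed = true;
        while (changed) {                 // monotone fixpoint; also terminates on recursive graphs
            changed = false;
            for (Edge e : EDGES) {
                Set<Permission> fromCallee = exported.get(e.callee());
                changed |= required.get(e.caller()).addAll(fromCallee);
                if (!e.privileged()) changed |= exported.get(e.caller()).addAll(fromCallee);
            }
        }
        Map<String, Set<Permission>> result = new LinkedHashMap<>();
        required.forEach((m, perms) -> result.put(m, minimise(perms)));
        return result;
    }

    /** Drop every permission already implied by another one in the set, e.g.
     *  FilePermission "/etc/app/-" read implies "/etc/app/user.conf" read. */
    static Set<Permission> minimise(Set<Permission> perms) {
        Set<Permission> out = new LinkedHashSet<>();
        for (Permission p : perms) {
            if (out.stream().anyMatch(q -> q.implies(p))) continue;
            out.removeIf(p::implies);     // p subsumes entries added earlier
            out.add(p);
        }
        return out;
    }

    /** Render the per-method rights in java.policy grant syntax. A real policy
     *  is granted per code source, so the sets of all methods that share a
     *  protection domain would be unioned first. */
    static String toPolicy(Map<String, Set<Permission>> rights) {
        StringBuilder sb = new StringBuilder();
        rights.forEach((m, perms) -> {
            if (perms.isEmpty()) return;
            sb.append("// ").append(m).append("\ngrant {\n");
            for (Permission p : perms)
                sb.append("    permission ").append(p.getClass().getName())
                  .append(" \"").append(p.getName()).append("\", \"")
                  .append(p.getActions()).append("\";\n");
            sb.append("};\n");
        });
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.print(toPolicy(analyse()));
    }
}
```

Compile and run with a JDK of version 16 or later (the `record` syntax). Two effects of the paper's modelling are visible in the output: `App.main` is charged only `FilePermission "/etc/app/-", "read"`, because the `PropertyPermission` needed under `Lib.loadConfig` stays behind the `doPrivileged` boundary and is charged to `Lib.loadConfig` itself; and `Lib.readUserFile` ends up with the single directory-wide `FilePermission`, because `implies` recognises that it subsumes the check on `/etc/app/user.conf`. The paper's analysis is context- and flow-sensitive and computes the sets per program point; this sketch collapses that to one set per method.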


Published In

OOPSLA '02: Proceedings of the 17th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
November 2002
396 pages
ISBN:1581134711
DOI:10.1145/582419
  • ACM SIGPLAN Notices, Volume 37, Issue 11
    November 2002
    385 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/583854
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Java security
  2. access rights
  3. call graph
  4. data flow analysis
  5. invocation graph
  6. security

Conference

OOPSLA '02

Acceptance Rates

OOPSLA '02 Paper Acceptance Rate 25 of 125 submissions, 20%;
Overall Acceptance Rate 268 of 1,244 submissions, 22%

Cited By

  • (2022) A systematic analysis of the event-stream incident. Proceedings of the 15th European Workshop on Systems Security, pp. 22-28. DOI: 10.1145/3517208.3523753. Online publication date: 5 Apr 2022.
  • (2021) Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 1821-1838. DOI: 10.1145/3460120.3484535. Online publication date: 12 Nov 2021.
  • (2020) Automated policy synthesis for system call sandboxing. Proceedings of the ACM on Programming Languages, Vol. 4, Issue OOPSLA, pp. 1-26. DOI: 10.1145/3428203. Online publication date: 13 Nov 2020.
  • (2018) Automated reduction of attack surface using call graph enumeration. Proceedings of the 2018 2nd International Conference on Management Engineering, Software Engineering and Service Sciences, pp. 118-121. DOI: 10.1145/3180374.3181327. Online publication date: 13 Jan 2018.
  • (2018) Transforming Code to Drop Dead Privileges. 2018 IEEE Cybersecurity Development (SecDev), pp. 45-52. DOI: 10.1109/SecDev.2018.00014. Online publication date: Sep 2018.
  • (2018) Generating Permission-Based Security Policies. 2018 5th International Conference on Dependable Systems and Their Applications (DSA), pp. 1-7. DOI: 10.1109/DSA.2018.00013. Online publication date: Sep 2018.
  • (2017) Inference of Security-Sensitive Entities in Libraries. 2017 IEEE Security and Privacy Workshops (SPW), pp. 102-109. DOI: 10.1109/SPW.2017.26. Online publication date: May 2017.
  • (2017) Hardening Java's Access Control by Abolishing Implicit Privilege Elevation. 2017 IEEE Symposium on Security and Privacy (SP), pp. 1027-1040. DOI: 10.1109/SP.2017.16. Online publication date: May 2017.
  • (2017) Model-based analysis of Java EE web security misconfigurations. Computer Languages, Systems and Structures, Vol. 49, Issue C, pp. 36-61. DOI: 10.1016/j.cl.2017.02.001. Online publication date: 1 Sep 2017.
  • (2016) Call graph construction for Java libraries. Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 474-486. DOI: 10.1145/2950290.2950312. Online publication date: 1 Nov 2016.
