Abstract
The security manager in Java 2 is a runtime access control mechanism. Whenever an access permission to critical resources is requested, the security manager inspects a call stack to examine whether the program has appropriate access permissions or not. This run-time permission check called stack inspection enforces access-control policies that associate access rights with the class that initiates the access. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. It is based on the static permission check analysis which approximates permission checks statically which must succeed or fail at each method. Using the visualization system, programmers can modify programs and policy files if necessary, as they examine how permission checks and their stack inspection are performed. This process can be repeated until the security policy is enforced correctly.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bartoletti, M., Degano, P., Ferrari, G.L.: Static Analysis for Stack Inspection. Electr. Notes Theor. Comput. Sci. 54 (2001)
Bartoletti, M., Degano, P., Ferrari, G.L.: Stack inspection and secure program transformations. Int. Journal of Information Security 2, 187–217 (2004)
Besson, F., Blanc, T., Fournet, C., Gordon, A.D.: From Stack Inspection to Access Control: A Security Analysis for Libraries. In: CSFW 2004 (2004)
Besson, F.: Secure calling contexts for stack inspsection. In: de Grenier de Latour, T., Jensen, T. (eds.) Proc. 4th Conference on Principles and Practice of Declarative Programming, ACM Press, New York (2002)
Besson, F., Jensen, T., Le Metayer, D., Thorn, T.: Model checking security properties of control flow graphs. Journal of Computer Security 9, 217–250 (2001)
Chang, B.-M.: Static Check Analysis for Java Stack Inspection. ACM SIGPLAN Notices 41(2) (2006)
Erlingsson, U., Schneider, F.B.: IRM Enforcement of Java Stack Inspection. In: 2000 IEEE Symposium on Security and Privacy, pp. 246–255. IEEE Computer Society Press, Los Alamitos (2000)
Fournet, C., Gordon, A.D.: Stack inspection: Theory and variants. ACM Trans. Program. Lang. & Syst. 25(3), 360–399 (2003)
Gosling, J., Joy, B., Steele, G.: The Java Language Specification, 2nd edn. Addison-Wesley, Reading (2002)
Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call Graph Construction in Object-Oriented Languages. In: ACM OOPSLA, pp. 108–124. ACM Press, New York (1997)
Koved, L., Pistoia, M., Kershenbaum, A.: Access rights analysis for Java. In: ACM OOPSLA 2002, pp. 359–372. ACM Press, New York (2002)
Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)
Nitta, N., Takata, Y., Seki, H.: An efficient security verification method for programs with stack inspection. In: 2001 ACM Conference on Computer and Communications Security, pp. 68–77. ACM Press, New York (2001)
Pottier, F., Skalka, C., Smith, S.F.: A systematic approach to static access control. ACM Trans. Program. Lang. & Syst. 27(2), 344–382 (2005)
Tip, F., Palsberg, J.: Scalable propagation-based call graph construction algorithms. In: ACM OOPSLA 2000, pp. 281–293. ACM Press, New York (2000)
Wallach, D.S., Appel, A.W., Felten, E.W.: SAFKASI: a security mechanism for language-based systems. ACM Trans. Softw. Eng. Methodol. 9(4), 341–378 (2000)
Bauer, L., Ligatti, J., Walker, D.: Composing Security Policies in Polymer. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2005, ACM Press, New York (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Kim, Y., Chang, BM. (2007). Visualization of Permission Checks in Java Using Static Analysis. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-71093-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71092-9
Online ISBN: 978-3-540-71093-6
eBook Packages: Computer ScienceComputer Science (R0)