Visualization of Permission Checks in Java Using Static Analysis

Kim, Yoonkyung; Chang, Byeong-Mo

doi:10.1007/978-3-540-71093-6_11

Yoonkyung Kim¹ &
Byeong-Mo Chang¹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4298))

Included in the following conference series:

International Workshop on Information Security Applications

498 Accesses

Abstract

The security manager in Java 2 is a runtime access control mechanism. Whenever an access permission to critical resources is requested, the security manager inspects a call stack to examine whether the program has appropriate access permissions or not. This run-time permission check called stack inspection enforces access-control policies that associate access rights with the class that initiates the access. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. It is based on the static permission check analysis which approximates permission checks statically which must succeed or fail at each method. Using the visualization system, programmers can modify programs and policy files if necessary, as they examine how permission checks and their stack inspection are performed. This process can be repeated until the security policy is enforced correctly.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bartoletti, M., Degano, P., Ferrari, G.L.: Static Analysis for Stack Inspection. Electr. Notes Theor. Comput. Sci. 54 (2001)
Google Scholar
Bartoletti, M., Degano, P., Ferrari, G.L.: Stack inspection and secure program transformations. Int. Journal of Information Security 2, 187–217 (2004)
Google Scholar
Besson, F., Blanc, T., Fournet, C., Gordon, A.D.: From Stack Inspection to Access Control: A Security Analysis for Libraries. In: CSFW 2004 (2004)
Google Scholar
Besson, F.: Secure calling contexts for stack inspsection. In: de Grenier de Latour, T., Jensen, T. (eds.) Proc. 4th Conference on Principles and Practice of Declarative Programming, ACM Press, New York (2002)
Google Scholar
Besson, F., Jensen, T., Le Metayer, D., Thorn, T.: Model checking security properties of control flow graphs. Journal of Computer Security 9, 217–250 (2001)
Google Scholar
Chang, B.-M.: Static Check Analysis for Java Stack Inspection. ACM SIGPLAN Notices 41(2) (2006)
Google Scholar
Erlingsson, U., Schneider, F.B.: IRM Enforcement of Java Stack Inspection. In: 2000 IEEE Symposium on Security and Privacy, pp. 246–255. IEEE Computer Society Press, Los Alamitos (2000)
Google Scholar
Fournet, C., Gordon, A.D.: Stack inspection: Theory and variants. ACM Trans. Program. Lang. & Syst. 25(3), 360–399 (2003)
Article Google Scholar
Gosling, J., Joy, B., Steele, G.: The Java Language Specification, 2nd edn. Addison-Wesley, Reading (2002)
Google Scholar
Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call Graph Construction in Object-Oriented Languages. In: ACM OOPSLA, pp. 108–124. ACM Press, New York (1997)
Google Scholar
Koved, L., Pistoia, M., Kershenbaum, A.: Access rights analysis for Java. In: ACM OOPSLA 2002, pp. 359–372. ACM Press, New York (2002)
Chapter Google Scholar
Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)
MATH Google Scholar
Nitta, N., Takata, Y., Seki, H.: An efficient security verification method for programs with stack inspection. In: 2001 ACM Conference on Computer and Communications Security, pp. 68–77. ACM Press, New York (2001)
Chapter Google Scholar
Pottier, F., Skalka, C., Smith, S.F.: A systematic approach to static access control. ACM Trans. Program. Lang. & Syst. 27(2), 344–382 (2005)
Article Google Scholar
Tip, F., Palsberg, J.: Scalable propagation-based call graph construction algorithms. In: ACM OOPSLA 2000, pp. 281–293. ACM Press, New York (2000)
Chapter Google Scholar
Wallach, D.S., Appel, A.W., Felten, E.W.: SAFKASI: a security mechanism for language-based systems. ACM Trans. Softw. Eng. Methodol. 9(4), 341–378 (2000)
Article Google Scholar
Bauer, L., Ligatti, J., Walker, D.: Composing Security Policies in Polymer. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2005, ACM Press, New York (2005)
Google Scholar
http://java.sun.com/j2se/1.5.0/docs/api

Download references

Author information

Authors and Affiliations

Department of Computer Science, Sookmyung Women’s University, Yongsan-ku, Seoul 140-742, Korea
Yoonkyung Kim & Byeong-Mo Chang

Authors

Yoonkyung Kim
View author publications
You can also search for this author in PubMed Google Scholar
Byeong-Mo Chang
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Jae Kwang Lee Okyeon Yi Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kim, Y., Chang, BM. (2007). Visualization of Permission Checks in Java Using Static Analysis. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_11

Download citation

DOI: https://doi.org/10.1007/978-3-540-71093-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71092-9
Online ISBN: 978-3-540-71093-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics