Visualization of Permission Checks in Java Using Static Analysis

  • Yoonkyung Kim
  • Byeong-Mo Chang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4298)


The security manager in Java 2 is a runtime access control mechanism. Whenever an access permission to critical resources is requested, the security manager inspects a call stack to examine whether the program has appropriate access permissions or not. This run-time permission check called stack inspection enforces access-control policies that associate access rights with the class that initiates the access. In this paper, we develop a visualization tool which helps programmers enforce security policy effectively into programs. It is based on the static permission check analysis which approximates permission checks statically which must succeed or fail at each method. Using the visualization system, programmers can modify programs and policy files if necessary, as they examine how permission checks and their stack inspection are performed. This process can be repeated until the security policy is enforced correctly.


Java stack inspection security static analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bartoletti, M., Degano, P., Ferrari, G.L.: Static Analysis for Stack Inspection. Electr. Notes Theor. Comput. Sci. 54 (2001)Google Scholar
  2. 2.
    Bartoletti, M., Degano, P., Ferrari, G.L.: Stack inspection and secure program transformations. Int. Journal of Information Security 2, 187–217 (2004)Google Scholar
  3. 3.
    Besson, F., Blanc, T., Fournet, C., Gordon, A.D.: From Stack Inspection to Access Control: A Security Analysis for Libraries. In: CSFW 2004 (2004)Google Scholar
  4. 4.
    Besson, F.: Secure calling contexts for stack inspsection. In: de Grenier de Latour, T., Jensen, T. (eds.) Proc. 4th Conference on Principles and Practice of Declarative Programming, ACM Press, New York (2002)Google Scholar
  5. 5.
    Besson, F., Jensen, T., Le Metayer, D., Thorn, T.: Model checking security properties of control flow graphs. Journal of Computer Security 9, 217–250 (2001)Google Scholar
  6. 6.
    Chang, B.-M.: Static Check Analysis for Java Stack Inspection. ACM SIGPLAN Notices 41(2) (2006)Google Scholar
  7. 7.
    Erlingsson, U., Schneider, F.B.: IRM Enforcement of Java Stack Inspection. In: 2000 IEEE Symposium on Security and Privacy, pp. 246–255. IEEE Computer Society Press, Los Alamitos (2000)Google Scholar
  8. 8.
    Fournet, C., Gordon, A.D.: Stack inspection: Theory and variants. ACM Trans. Program. Lang. & Syst. 25(3), 360–399 (2003)CrossRefGoogle Scholar
  9. 9.
    Gosling, J., Joy, B., Steele, G.: The Java Language Specification, 2nd edn. Addison-Wesley, Reading (2002)Google Scholar
  10. 10.
    Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call Graph Construction in Object-Oriented Languages. In: ACM OOPSLA, pp. 108–124. ACM Press, New York (1997)Google Scholar
  11. 11.
    Koved, L., Pistoia, M., Kershenbaum, A.: Access rights analysis for Java. In: ACM OOPSLA 2002, pp. 359–372. ACM Press, New York (2002)CrossRefGoogle Scholar
  12. 12.
    Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)zbMATHGoogle Scholar
  13. 13.
    Nitta, N., Takata, Y., Seki, H.: An efficient security verification method for programs with stack inspection. In: 2001 ACM Conference on Computer and Communications Security, pp. 68–77. ACM Press, New York (2001)CrossRefGoogle Scholar
  14. 14.
    Pottier, F., Skalka, C., Smith, S.F.: A systematic approach to static access control. ACM Trans. Program. Lang. & Syst. 27(2), 344–382 (2005)CrossRefGoogle Scholar
  15. 15.
    Tip, F., Palsberg, J.: Scalable propagation-based call graph construction algorithms. In: ACM OOPSLA 2000, pp. 281–293. ACM Press, New York (2000)CrossRefGoogle Scholar
  16. 16.
    Wallach, D.S., Appel, A.W., Felten, E.W.: SAFKASI: a security mechanism for language-based systems. ACM Trans. Softw. Eng. Methodol. 9(4), 341–378 (2000)CrossRefGoogle Scholar
  17. 17.
    Bauer, L., Ligatti, J., Walker, D.: Composing Security Policies in Polymer. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2005, ACM Press, New York (2005)Google Scholar
  18. 18.

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Yoonkyung Kim
    • 1
  • Byeong-Mo Chang
    • 1
  1. 1.Department of Computer Science, Sookmyung Women’s University, Yongsan-ku, Seoul 140-742Korea

Personalised recommendations