Modular string-sensitive permission analysis with demand-driven precision

In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too m...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2009 IEEE 31st International Conference on Software Engineering S. 177 - 187
Hauptverfasser: Geay, Emmanuel, Pistoia, Marco, Takaaki Tateishi, Ryder, Barbara G., Dolby, Julian
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: Washington, DC, USA IEEE Computer Society 16.05.2009
IEEE
Schriftenreihe:ACM Conferences
Schlagworte:
Algorithm design and analysis
Authorization
General and reference > Cross-computing tools and techniques > Reliability
Inspection
Java
Laboratories
Permission
Prototypes
Runtime environment
Security
Software and its engineering > Software notations and tools
Software and its engineering > Software organization and properties > Extra-functional properties > Software reliability
Testing
ISBN:9781424434534, 142443453X
ISSN:0270-5257
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Abstract In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too many constitute a security hole. We have designed and implemented a composite algorithm for precise static permission analysis for Java and the CLR. Unlike previous work, the analysis is modular and fully integrated with a novel slicing-based string analysis that is used to statically compute the string values defining a permission and disambiguate permission propagation paths. The results of our research prototype on production-level Java code support the effectiveness, practicality, and precision of our techniques, and show outstanding improvement over previous work.
AbstractList In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too many constitute a security hole. We have designed and implemented a composite algorithm for precise static permission analysis for Java and the CLR. Unlike previous work, the analysis is modular and fully integrated with a novel slicing-based string analysis that is used to statically compute the string values defining a permission and disambiguate permission propagation paths. The results of our research prototype on production-level Java code support the effectiveness, practicality, and precision of our techniques, and show outstanding improvement over previous work.
Author Geay, Emmanuel
Takaaki Tateishi
Ryder, Barbara G.
Dolby, Julian
Pistoia, Marco
Author_xml – sequence: 1
  givenname: Emmanuel
  surname: Geay
  fullname: Geay, Emmanuel
  organization: IBM T. J. Watson Research Center, Hawthorne, NY, USA
– sequence: 2
  givenname: Marco
  surname: Pistoia
  fullname: Pistoia, Marco
  organization: IBM T. J. Watson Research Center, Hawthorne, NY, USA
– sequence: 3
  surname: Takaaki Tateishi
  fullname: Takaaki Tateishi
  organization: IBM Tokyo Research Laboratory, Japan
– sequence: 4
  givenname: Barbara G.
  surname: Ryder
  fullname: Ryder, Barbara G.
  organization: Virginia Tech, Blacksburg, USA
– sequence: 5
  givenname: Julian
  surname: Dolby
  fullname: Dolby, Julian
  organization: IBM T. J. Watson Research Center, Hawthorne, NY, USA
BookMark eNqNkE9LAzEQxQMqWGs_gHjZs7B18s8kRylVCxUP6jlkk6xGu9mSrEq_vVla785lDr_3hnnvDB3HPnqELjDMMQZ1vVo8L-cEQM05COBYHaGZEhIzwhhlnLJjNAEioOaEi1M0y_kDyhSCpZqg1WPvvjYmVXlIIb7V2ccchvDtq61PXcg59LEy0Wx2OeTqJwzvlfOdia52qahitU3ehlF1jk5as8l-dthT9Hq3fFk81Oun-9Xidl0bwvFQ0xsGXCqjyrtENBw3jNtWNdxab4QVBjshKVdApHTWOemoaRhuXcttiQV0ii73d4P3Xm9T6Eza6UP4QmFPje100_efWWPQY1N6bEqPTf2JdZOCb4vl6t8W-gt5rWrV
ContentType Conference Proceeding
DBID 6IE
6IH
CBEJK
RIE
RIO
DOI 10.1109/ICSE.2009.5070519
DatabaseName IEEE Electronic Library (IEL) Conference Proceedings
IEEE Proceedings Order Plan (POP) 1998-present by volume
IEEE Xplore All Conference Proceedings
IEEE Electronic Library (IEL)
IEEE Proceedings Order Plans (POP) 1998-present
DatabaseTitleList

Database_xml – sequence: 1
  dbid: RIE
  name: IEEE/IET Electronic Library (IEL) (UW System Shared)
  url: https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EndPage 187
ExternalDocumentID 5070519
Genre orig-research
GroupedDBID 6IE
6IF
6IG
6IH
6IK
6IL
6IM
6IN
AAJGR
AARBI
ACM
ADPZR
ALMA_UNASSIGNED_HOLDINGS
APO
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CBEJK
GUFHI
IERZE
OCL
RIE
RIL
RIO
-~X
.4S
.DC
123
23M
29O
5VS
8US
AAWTH
ABLEC
ADZIZ
AFFNX
ARCSS
AVWKF
CHZPO
EDO
FEDTE
I-F
I07
IEGSK
IJVOP
IPLJI
M43
RNS
XOL
ID FETCH-LOGICAL-a251t-3640589a950727b51b45cf9b5ccea7c7a1d783590288dcdd8d3ab41fdf5c78103
IEDL.DBID RIE
ISBN 9781424434534
142443453X
ISICitedReferencesCount 10
ISICitedReferencesURI http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000271438200017&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
ISSN 0270-5257
IngestDate Wed Aug 27 02:03:50 EDT 2025
Wed Jan 31 06:38:21 EST 2024
Wed Jan 31 06:42:45 EST 2024
IsPeerReviewed false
IsScholarly true
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-a251t-3640589a950727b51b45cf9b5ccea7c7a1d783590288dcdd8d3ab41fdf5c78103
PageCount 11
ParticipantIDs acm_books_10_1109_ICSE_2009_5070519_brief
acm_books_10_1109_ICSE_2009_5070519
ieee_primary_5070519
PublicationCentury 2000
PublicationDate 20090516
2009-May
PublicationDateYYYYMMDD 2009-05-16
2009-05-01
PublicationDate_xml – month: 05
  year: 2009
  text: 20090516
  day: 16
PublicationDecade 2000
PublicationPlace Washington, DC, USA
PublicationPlace_xml – name: Washington, DC, USA
PublicationSeriesTitle ACM Conferences
PublicationTitle 2009 IEEE 31st International Conference on Software Engineering
PublicationTitleAbbrev ICSE
PublicationYear 2009
Publisher IEEE Computer Society
IEEE
Publisher_xml – name: IEEE Computer Society
– name: IEEE
SSID ssj0000453189
ssj0006499
Score 1.8120534
Snippet In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to...
SourceID ieee
acm
SourceType Publisher
StartPage 177
SubjectTerms Algorithm design and analysis
Authorization
General and reference -- Cross-computing tools and techniques -- Reliability
Inspection
Java
Laboratories
Permission
Prototypes
Runtime environment
Security
Software and its engineering -- Software notations and tools
Software and its engineering -- Software organization and properties -- Extra-functional properties -- Software reliability
Testing
Title Modular string-sensitive permission analysis with demand-driven precision
URI https://ieeexplore.ieee.org/document/5070519
WOSCitedRecordID wos000271438200017&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PS8MwFH5sw4OnqZs4fxHQi2BcuzZtcx4b7uAYqLBbSZNUdlg3us2_37w0rQge9NY2oQ2PNHnfy3vfB3BvnBAW5AadSM08GkoeUa5HEY0TPxJCC-T4tmIT8XyeLJd80YLHphZGa22Tz_QTXtqzfLWRBwyVDY3vgh5HG9pxHFW1Wk08xbgmZnryZhWOQqsdaVCXR5Hxsy7qCky_Zc315O5Dd9zpe3w4G79OKhpL9zXctuT6h_iK3Xum3f-N-gT630V8ZNFsT6fQ0sUZdGsVB-J-6h7MXjYKc1EJKngUH3SHKe24CJItJspglmxBhOMuIRi3JUqvRaGoKnGpJNvS6fT04X06eRs_UyewQIVxa_Y0iEJUFRTcDHEUZ8zPQiZznjEptYhlLHyFgSEkeEmUVCpRgchCP1c5k8Z8XnAOnWJT6AsgBhYlI6EMGPJyg7k0F14glCX_Ucy8agB3xoopIoddaoGHx1O0Nepg8tTZaAAPf-iVZuVK5wPooa3TbcXKUTde_v74Co6rcyBMVbyGzr486Bs4kp_71a68tVPpCyn9vXA
linkProvider IEEE
linkToHtml http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PT8IwFH5BNNETKhjxZxO9mFjZr27rmUAgAiERE25L13aGA4MM8O-3bxszJh70tq3N1rx07fte3_s-gEfjhDA3MehEamZRT3Kfcu34NAhtXwgtkOM7F5sIJpNwPufTGjxXtTBa6zz5TL_gZX6Wr1Zyh6GyjvFd0OM4gEPmeY5VVGtVERXjnJgJyqt12Pdy9UiDuyyKnJ_7si7X9Jvv2Z7Ke6888LQt3hl233oFkWX5Pdy45PKH_Eq--_Qb_xv3KbS-y_jItNqgzqCm03No7HUcSPlbN2E4XinMRiWo4ZF-0A0mteMySNaYKoN5sikRJXsJwcgtUXopUkVVhoslWWelUk8L3vu9WXdAS4kFKoxjs6Wu76GuoOBmiE4QMzv2mEx4zKTUIpCBsBWGhpDiJVRSqVC5IvbsRCVMGvNZ7gXU01WqL4EYYBQ6Qhk4ZCUGdWkuLFeonP5HMfOqNjwYK0aIHTZRDj0sHqGtUQmTR6WN2vD0h15RnC100oYm2jpaF7wc-8ar3x_fw_FgNh5Fo-Hk9RpOilMhTFy8gfo22-lbOJKf28Umu8un1Rc6BMC3
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+of+the+31st+International+Conference+on+Software+Engineering&rft.atitle=Modular+string-sensitive+permission+analysis+with+demand-driven+precision&rft.au=Geay%2C+Emmanuel&rft.au=Pistoia%2C+Marco&rft.au=Takaaki+Tateishi&rft.au=Ryder%2C+Barbara+G.&rft.series=ACM+Conferences&rft.date=2009-05-16&rft.pub=IEEE+Computer+Society&rft.isbn=9781424434534&rft.spage=177&rft.epage=187&rft_id=info:doi/10.1109%2FICSE.2009.5070519
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0270-5257&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0270-5257&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0270-5257&client=summon