Modular string-sensitive permission analysis with demand-driven precision

In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too m...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2009 IEEE 31st International Conference on Software Engineering S. 177 - 187
Hauptverfasser: Geay, Emmanuel, Pistoia, Marco, Takaaki Tateishi, Ryder, Barbara G., Dolby, Julian
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: Washington, DC, USA IEEE Computer Society 16.05.2009
IEEE
Schriftenreihe:ACM Conferences
Schlagworte:
Algorithm design and analysis
Authorization
General and reference > Cross-computing tools and techniques > Reliability
Inspection
Java
Laboratories
Permission
Prototypes
Runtime environment
Security
Software and its engineering > Software notations and tools
Software and its engineering > Software organization and properties > Extra-functional properties > Software reliability
Testing
ISBN:9781424434534, 142443453X
ISSN:0270-5257
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too many constitute a security hole. We have designed and implemented a composite algorithm for precise static permission analysis for Java and the CLR. Unlike previous work, the analysis is modular and fully integrated with a novel slicing-based string analysis that is used to statically compute the string values defining a permission and disambiguate permission propagation paths. The results of our research prototype on production-level Java code support the effectiveness, practicality, and precision of our techniques, and show outstanding improvement over previous work.
ISBN:9781424434534
142443453X
ISSN:0270-5257
DOI:10.1109/ICSE.2009.5070519