Modular string-sensitive permission analysis with demand-driven precision

In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too m...

Full description

Saved in:
Bibliographic Details
Published in:2009 IEEE 31st International Conference on Software Engineering pp. 177 - 187
Main Authors: Geay, Emmanuel, Pistoia, Marco, Takaaki Tateishi, Ryder, Barbara G., Dolby, Julian
Format: Conference Proceeding
Language:English
Published: Washington, DC, USA IEEE Computer Society 16.05.2009
IEEE
Series:ACM Conferences
Subjects:
Algorithm design and analysis
Authorization
General and reference > Cross-computing tools and techniques > Reliability
Inspection
Java
Laboratories
Permission
Prototypes
Runtime environment
Security
Software and its engineering > Software notations and tools
Software and its engineering > Software organization and properties > Extra-functional properties > Software reliability
Testing
ISBN:9781424434534, 142443453X
ISSN:0270-5257
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In modern software systems, programs are obtained by dynamically assembling components. This has made it necessary to subject component providers to access-control restrictions. What permissions should be granted to each component? Too few permissions may cause run-time authorization failures, too many constitute a security hole. We have designed and implemented a composite algorithm for precise static permission analysis for Java and the CLR. Unlike previous work, the analysis is modular and fully integrated with a novel slicing-based string analysis that is used to statically compute the string values defining a permission and disambiguate permission propagation paths. The results of our research prototype on production-level Java code support the effectiveness, practicality, and precision of our techniques, and show outstanding improvement over previous work.
ISBN:9781424434534
142443453X
ISSN:0270-5257
DOI:10.1109/ICSE.2009.5070519