A Simple Semantics and Static Analysis for Java Security
Security in Java depends on an access control mechanism specified operationally in terms of run-time stack inspection. We give a denotational semantics in "eager" form, and show that it is equivalent to the "lazy" semantics using stack inspection. We give a static analysis of safety, i.e., the absence of security errors, that is significantly simpler than previous proposals. We identify several program transformations that can be used to remove run-time checks. We give complete, detailed proofs for safety of the analysis and for the transformations, exploiting compositionality of the "eager" semantics.