The Java™ 2 runtime system has a security mechanism that guarantees that code under execution has appropriate access permissions for a given system resource. Using this mechanism requires access control policies that specify which operations are permitted on each such resource at each program point. Previous work proposed a program analysis algorithm that statically infers a semi-optimal policy set from the given program text. However, the proposed method cannot calculate the optimal policy when the target resource is determined by string values at run time, since it does not keep track of all potential string values generated through built-in or user-defined methods. As a result, it generates excessive access policies that permit resource accesses that are not actually necessary. To overcome this limitation, we apply static string analysis to the program variables relevant to access control policies. This paper shows, by analyzing open-source libraries, that string analysis can reduce unnecessary permissions.
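The gap between an over-approximated policy and one informed by string values can be seen with `java.io.FilePermission` directly. The following is an added example, not code from the paper: the class, method and path names are hypothetical, and the hand-enumerated locale list stands in for the result of a string analysis rather than implementing one.

```java
import java.io.FilePermission;
import java.util.ArrayList;
import java.util.List;

// Added illustration; class, method and path names are hypothetical.
public class PolicyPrecisionDemo {

    // The resource name exists only as a string expression:
    // constant prefix + one of a few locale codes + constant suffix.
    static String configPath(String locale) {
        return "/opt/app/conf/messages_" + locale + ".properties";
    }

    // Without tracking string values, the inference only knows that
    // "some file is read", so it must grant read access to every file.
    static List<FilePermission> coarsePolicy() {
        return List.of(new FilePermission("<<ALL FILES>>", "read"));
    }

    // Stand-in for a string-analysis result: the finite set of values
    // configPath() can return for the locales its callers pass in.
    static List<FilePermission> precisePolicy(List<String> locales) {
        List<FilePermission> perms = new ArrayList<>();
        for (String locale : locales) {
            perms.add(new FilePermission(configPath(locale), "read"));
        }
        return perms;
    }

    // True if any permission in the policy implies the requested access.
    static boolean allows(List<FilePermission> policy, FilePermission request) {
        return policy.stream().anyMatch(p -> p.implies(request));
    }

    public static void main(String[] args) {
        List<String> locales = List.of("en", "ja"); // constructed sample call sites
        FilePermission needed = new FilePermission(configPath("ja"), "read");
        FilePermission unrelated = new FilePermission("/etc/passwd", "read");

        // Both policies cover the access the program really performs;
        // only the coarse one also covers a file the program never touches.
        System.out.println("coarse  allows needed:    " + allows(coarsePolicy(), needed));
        System.out.println("coarse  allows unrelated: " + allows(coarsePolicy(), unrelated));
        System.out.println("precise allows needed:    " + allows(precisePolicy(locales), needed));
        System.out.println("precise allows unrelated: " + allows(precisePolicy(locales), unrelated));
    }
}
```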