A Formal Framework for Access Rights Analysis

A stack-based access control mechanism prevents untrusted code from accessing protected resources in distributed application platforms such as Java-centric web applications and the Microsoft .NET Framework. The mechanism is enforced at runtime by stack inspection, which examines the methods on the current call stack for the permissions granted to them. In current practice, the policy files for an application are still written by hand, by developers relying on domain-specific knowledge and testing, because of the technical challenges and engineering effort that automating the task involves. This paper presents a formal framework for access rights analysis of Java applications, together with algorithms for both policy generation and policy checking. The policy generation analysis automatically derives access control policies for a given program that guarantee that the program passes its stack inspections. The policy checking analysis takes a policy file as input and determines whether access control in the domain of interest always succeeds or may fail; the answer helps either to detect redundant inspection points or to refine the given policies. All of the analysis algorithms are newly formulated in terms of conditional weighted pushdown systems, in an attempt to achieve a higher level of precision than previous work.
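The two analyses the abstract describes, as an added example that is not from the paper: a Python simulation of Java-style stack inspection semantics (walk the stack top-down, every frame's protection domain must hold the permission, stop at a doPrivileged frame), plus a simplified, context-insensitive version of policy generation and policy checking over a constructed call graph. The paper's own algorithms are built on conditional weighted pushdown systems and are more precise; here backward reachability over the call graph, cut at privileged frames, stands in for them. All method, domain and permission names below are made up for the illustration.

```python
"""Stack inspection simulation with call-graph based policy generation/checking.

Added example, not the paper's code. The program model, domains and permission
names are constructed; the analyses are a context-insensitive over-approximation
of what the paper computes with conditional weighted pushdown systems.
"""
from collections import deque
from dataclasses import dataclass, field

READ = "FilePermission:read"
WRITE = "FilePermission:write"


@dataclass
class Method:
    name: str
    domain: str                               # protection domain (code source) of the method
    calls: list = field(default_factory=list)  # static call edges (constructed call graph)
    checks: set = field(default_factory=set)   # permissions this method checks (inspection points)
    privileged: bool = False                   # body runs as a doPrivileged action: inspection stops here


# Constructed program model (assumption: illustrative names and domains).
# Note the recursive edge render -> render, which the backward walk must tolerate.
PROGRAM = {
    "main":         Method("main", "app", calls=["render", "saveConfig"]),
    "plugin":       Method("plugin", "untrusted", calls=["render"]),
    "render":       Method("render", "app", calls=["readTemplate", "render"]),
    "readTemplate": Method("readTemplate", "lib", checks={READ}),
    "saveConfig":   Method("saveConfig", "app", calls=["writeFile"]),
    "writeFile":    Method("writeFile", "lib", checks={WRITE}, privileged=True),
}

# A hand-written policy that forgets the untrusted plugin domain.
HAND_POLICY = {"app": {READ}, "lib": {READ, WRITE}}


def stack_inspection(stack, perm, policy):
    """Runtime semantics: walk the stack from the top frame down, as
    AccessController.checkPermission does. Every frame's domain must hold
    `perm`; a privileged frame is checked and then ends the walk."""
    for name in reversed(stack):
        m = PROGRAM[name]
        if perm not in policy.get(m.domain, set()):
            return False
        if m.privileged:
            return True
    return True


def domains_on_stack(program, check_method):
    """Static over-approximation of the domains that can sit on the stack
    when `check_method` runs: backward reachability through callers, cut at
    privileged methods (their callers are never inspected)."""
    callers = {n: [] for n in program}
    for m in program.values():
        for callee in m.calls:
            callers[callee].append(m.name)
    seen, work, doms = set(), deque([check_method]), set()
    while work:
        n = work.popleft()
        if n in seen:
            continue
        seen.add(n)
        m = program[n]
        doms.add(m.domain)
        if not m.privileged:
            work.extend(callers[n])
    return doms


def generate_policy(program):
    """Policy generation: grant each checked permission to every domain that
    may be on the stack at the inspection point, so every inspection passes."""
    policy = {}
    for m in program.values():
        for perm in m.checks:
            for dom in domains_on_stack(program, m.name):
                policy.setdefault(dom, set()).add(perm)
    return policy


def check_policy(program, policy):
    """Policy checking: for each inspection point report 'always' (succeeds on
    every possible stack), 'never' (the checking method's own domain lacks the
    permission) or 'may_fail' (some reachable caller domain lacks it)."""
    report = {}
    for m in program.values():
        for perm in m.checks:
            granted = {d for d, ps in policy.items() if perm in ps}
            if m.domain not in granted:
                verdict = "never"
            elif domains_on_stack(program, m.name) <= granted:
                verdict = "always"
            else:
                verdict = "may_fail"
            report[(m.name, perm)] = verdict
    return report


if __name__ == "__main__":
    generated = generate_policy(PROGRAM)
    print("generated policy:", generated)
    print("checking generated:", check_policy(PROGRAM, generated))
    print("checking hand policy:", check_policy(PROGRAM, HAND_POLICY))
    print("plugin stack under hand policy:",
          stack_inspection(["plugin", "render", "readTemplate"], READ, HAND_POLICY))
```

A verdict of "always" for an inspection point under a given policy marks it as a candidate redundant check; "may_fail" points at a caller domain the policy should either grant or deliberately exclude. Because the walk is context-insensitive it can report "may_fail" for stacks that no real execution produces, which is exactly the imprecision the paper's pushdown-system formulation aims to remove.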
