Static Analysis for Stack Inspection

Abstract: We propose two control flow analyses for the Java bytecode. They safely approximate the set of permissions granted/denied to code at run-time. This static information helps optimize the implementation of the stack inspection algorithm.
