Securing Java with Local Policies

We propose an extension to the security model of Java that allows history-based policies to be specified, analysed and enforced. A policy is a finite state automaton that recognises the permitted execution histories. Programmers can sandbox an untrusted piece of code with a policy; the policy is enforced at run time and has local scope, applying only while that code executes. A static analysis optimises the execution monitor so that it checks only the program points at which a security violation may actually occur.
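As an added illustration (this is not code from the paper, whose extension targets Java; it models the same idea in Python), the block below shows the three ingredients of the abstract: a finite automaton that accepts exactly the permitted histories, a monitor in which a policy is active only inside the block it sandboxes, and a simplified stand-in for the static optimisation that keeps only the program points whose event could drive a policy into its violation state. The policy, the event names and the `checkpoints` function are constructed for the example; it also assumes that a policy is judged over the whole history accumulated so far, but only while its sandboxed block is executing.

```python
from contextlib import contextmanager


class SecurityViolation(Exception):
    """Raised when an event would extend the history into a non-permitted one."""


class UsageAutomaton:
    """Finite-state policy over security-relevant events.

    Transitions missing from the table are self-loops. A history is permitted
    exactly when running it never reaches the `fail` state.
    """

    def __init__(self, name, initial, transitions, fail="fail"):
        self.name = name
        self.initial = initial
        self.transitions = dict(transitions)   # (state, event) -> state
        self.fail = fail

    def step(self, state, event):
        return self.transitions.get((state, event), state)

    def permits(self, history):
        state = self.initial
        for event in history:
            state = self.step(state, event)
            if state == self.fail:
                return False
        return True

    def reachable_states(self):
        alphabet = {event for _, event in self.transitions}
        seen, todo = {self.initial}, [self.initial]
        while todo:
            state = todo.pop()
            for event in alphabet:
                nxt = self.step(state, event)
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
        return seen

    def tracked_events(self):
        """Events that can change the state: the monitor must at least record them."""
        reach = self.reachable_states()
        return {e for (s, e), t in self.transitions.items() if s in reach and t != s}

    def violating_events(self):
        """Events that can reach `fail` from a reachable state: only these need a check."""
        reach = self.reachable_states()
        return {e for (s, e), t in self.transitions.items() if s in reach and t == self.fail}


# Constructed policy: once a file has been read, no network connection may be opened.
NO_CONNECT_AFTER_READ = UsageAutomaton(
    "no-connect-after-read", "clean",
    {("clean", "read"): "tainted", ("tainted", "connect"): "fail"},
)


class Monitor:
    """Execution monitor: each sandbox pushes a policy that is active only inside
    its block. Assumption: the policy is judged on the whole history so far, but
    only while its block is running."""

    def __init__(self):
        self.history = []
        self.active = []           # stack of [policy, current state]

    def event(self, event):
        # Compute successor states first so that a blocked event never enters the history.
        nxt = [(p, p.step(s, event)) for p, s in self.active]
        for policy, state in nxt:
            if state == policy.fail:
                raise SecurityViolation(f"{policy.name}: {event!r} not permitted after {self.history}")
        self.history.append(event)
        for entry, (_, state) in zip(self.active, nxt):
            entry[1] = state

    @contextmanager
    def sandbox(self, policy):
        state = policy.initial
        for past in self.history:           # replay the events that preceded the scope
            state = policy.step(state, past)
        if state == policy.fail:
            raise SecurityViolation(f"{policy.name}: history already violates the policy")
        self.active.append([policy, state])
        try:
            yield
        finally:
            self.active.pop()               # leaving the scope deactivates the policy


def checkpoints(program, policy):
    """Simplified stand-in for the paper's static analysis: given the event each
    program point emits, keep only the points whose event could violate the policy."""
    dangerous = policy.violating_events()
    return [point for point, event in program if event in dangerous]


def demo():
    """The same 'connect' is blocked inside the sandbox and unmonitored outside it."""
    outcome = {}
    m = Monitor()
    m.event("read")                     # trusted code reads a local file
    with m.sandbox(NO_CONNECT_AFTER_READ):
        m.event("log")                  # irrelevant to the policy
        try:
            m.event("connect")          # a read happened earlier: violation
            outcome["inside"] = "allowed"
        except SecurityViolation:
            outcome["inside"] = "blocked"
    m.event("connect")                  # out of scope: no policy is active
    outcome["outside"] = "allowed"
    return outcome


if __name__ == "__main__":
    print(demo())
```

The monitor only needs to update state on `tracked_events()` and only needs a check on `violating_events()`; for the constructed policy that means `read` is recorded but never checked, and `log` can be skipped entirely, which is the kind of saving the abstract's static analysis is after.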
