Static use-based object confinement

The confinement of object references is a significant security concern for modern programming languages. We define a language that serves as a uniform model for a variety of confined object reference systems. A use-based approach to confinement is adopted, which we argue is more expressive than previous communication-based approaches. We then develop a readable, expressive type system for static analysis of the language, along with a type safety result demonstrating that run-time checks can be eliminated. The language and type system thus serve as a reliable, declarative, and efficient foundation for secure capability-based programming and object confinement.
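To make the distinction in the abstract concrete: a communication-based scheme (confined types) restricts where a reference may flow, whereas a use-based scheme restricts which operations a holder may invoke through it, so the reference itself can be handed to untrusted code. The sketch below, added to this page and not the paper's calculus, models a capability as a reference paired with its permitted operation set, enforced here by a dynamic check (the paper's type system is what lets such checks be discharged statically). The `Cap`, `Account` and `untrusted_component` names, and the attenuate-but-never-amplify `restrict` rule, are this example's own assumptions.

```python
"""Use-based object confinement, illustrated with run-time checks.

Example code added to this page; it is not the paper's formal language.
A capability is a reference plus the set of method names its holder may
invoke. Confinement is on *use*, not on *communication*: the reference
may escape freely as long as its permitted operations are what we intend.
"""

from dataclasses import dataclass
from typing import Any, FrozenSet


class Denied(Exception):
    """Raised when a capability is used outside its permitted interface."""


@dataclass(frozen=True)
class Cap:
    obj: Any                  # the underlying object (assumed wrapper design)
    allowed: FrozenSet[str]   # method names the holder may invoke

    def call(self, method: str, *args: Any) -> Any:
        # Dynamic use check; a sound use-based type system makes this redundant.
        if method not in self.allowed:
            raise Denied(f"{method!r} is not permitted by this capability")
        return getattr(self.obj, method)(*args)

    def restrict(self, *methods: str) -> "Cap":
        """Attenuate to a subset of the interface; amplification is refused."""
        wanted = frozenset(methods)
        if not wanted <= self.allowed:
            raise Denied("cannot amplify a capability beyond its interface")
        return Cap(self.obj, wanted)


class Account:
    """Constructed sample object with three operations of differing sensitivity."""

    def __init__(self, balance: int) -> None:
        self.balance = balance

    def deposit(self, n: int) -> int:
        self.balance += n
        return self.balance

    def withdraw(self, n: int) -> int:
        self.balance -= n
        return self.balance

    def view(self) -> int:
        return self.balance


def untrusted_component(cap: Cap) -> str:
    """Code we hand a capability to; it may attempt any operation it likes."""
    try:
        cap.call("withdraw", 100)
        return "withdrew"
    except Denied:
        return "denied"


def demo() -> dict:
    acct = Account(50)
    full = Cap(acct, frozenset({"deposit", "withdraw", "view"}))
    deposit_only = full.restrict("deposit", "view")

    # The reference escapes to untrusted code, which is harmless: the use set
    # it carries does not include withdraw.
    outcome = untrusted_component(deposit_only)

    # Widening the interface from an attenuated capability is refused.
    try:
        deposit_only.restrict("withdraw")
        amplified = True
    except Denied:
        amplified = False

    return {
        "untrusted": outcome,           # "denied"
        "balance": acct.view(),         # 50, untouched by the untrusted code
        "amplified": amplified,         # False
        "trusted_withdraw": full.call("withdraw", 20),  # 30 via the full cap
    }
```

The check in `Cap.call` is exactly the kind of run-time test the abstract says a static type safety result lets an implementation remove: if every `call` site is typed against the capability's use set, no ill-typed program reaches the `Denied` branch.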
