A static type system for JVM access control

This paper presents a static type system for JAVA Virtual Machine (JVM) code that enforces an access control mechanism similar to the one found, for example, in a JAVA implementation. In addition to verifying type consistency of a given JVM code, the type system statically verifies that the code accesses only those resources that are granted by the prescribed access policy. The type system is proved to be sound with respect to an operational semantics that enforces access control dynamically, similarly to JAVA stack inspection. This result ensures that "well-typed code cannot violate access policy." The paper then develops a type inference algorithm and shows that it is sound with respect to the type system and that it always infers a minimal set of access privileges. These results allow us to develop a static system for JVM access control without resorting to costly runtime stack inspection.
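The two halves of the abstract's claim, reduced to a toy model as an added example (this is not the paper's formalization; the permission names, policy and programs are constructed): `run` is a dynamic semantics with stack inspection and privileged calls, `infer` computes each method's minimal privilege demand as a least fixpoint, and `well_typed` is the static check under which the dynamic inspection becomes redundant.

```python
from typing import Dict, List, Sequence, Set, Tuple
# method -> (protection domain, body); body ops: ("check", perm), ("call", m), ("privileged", m)
Program = Dict[str, Tuple[str, List[Tuple[str, str]]]]

# Constructed policy: protection domain -> granted permissions.
POLICY: Dict[str, Set[str]] = {"system": {"file.read", "file.write", "net.connect"},
                               "applet": {"net.connect"}}
# Constructed programs: trusted library code logs on behalf of the untrusted applet inside
# a privileged block (allowed); the variant's applet code also makes the library read a file.
GOOD: Program = {
    "logLine": ("system", [("check", "file.write")]),
    "fetch":   ("system", [("check", "net.connect"), ("privileged", "logLine")]),
    "main":    ("applet", [("call", "fetch")]),
}
BAD: Program = {**GOOD, "readFile": ("system", [("check", "file.read")]),
                "main": ("applet", [("call", "fetch"), ("call", "readFile")])}

def run(prog: Program, name: str, stack: Sequence[str] = ()) -> bool:
    """Dynamic semantics: `stack` holds the domains a check may inspect. False = violation."""
    dom, body = prog[name]
    frames = list(stack) + [dom]
    for op, arg in body:
        if op == "check":                       # stack inspection: every frame must grant it
            if any(arg not in POLICY[d] for d in frames):
                return False
        elif not run(prog, arg, frames if op == "call" else [dom]):
            return False                        # privileged: frames below `dom` are not inspected
    return True

def infer(prog: Program) -> Dict[str, Set[str]]:
    """Least fixpoint of the permissions each method demands from every frame below it.
    A privileged callee's demand does not flow up; it is discharged in well_typed()."""
    demand: Dict[str, Set[str]] = {m: set() for m in prog}
    changed = True
    while changed:
        changed = False
        for name, (_, body) in prog.items():
            new = {a for op, a in body if op == "check"}                 # checked right here
            new.update(*(demand[a] for op, a in body if op == "call"))   # flows from callees
            changed |= new != demand[name]
            demand[name] = new
    return demand

def well_typed(prog: Program) -> bool:
    """Each method's domain grants its demand, and a domain making a privileged call grants
    the callee's demand. Soundness: when this holds, run() never reports a violation."""
    demand = infer(prog)
    return all(demand[n] <= POLICY[d] and
               all(demand[a] <= POLICY[d] for op, a in body if op == "privileged")
               for n, (d, body) in prog.items())
```

`infer(GOOD)["main"]` is exactly the privilege set the applet domain must be granted, with the logging permission kept inside the trusted domain by the privileged call. `well_typed(BAD)` is False, and `run(BAD, "main")` fails at the same `file.read` check the static analysis flagged.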