论文信息 - Static Verification of Code Access Security Policy Compliance of .NET Applications

Static Verification of Code Access Security Policy Compliance of .NET Applications

Stack inspection-based sandboxing originated as a security mechanism for safely executing partially trusted code. Today, it is widely used for the more general purpose of supporting the principle of least privilege in component-based software development. In this more general setting, the permissions required by a component to run properly, or the permissions needed by other components to successfully call methods in a given component are conceptually part of the interface specification of the component. Hence, correct documentation of this part of the interface is essential. In this paper, we propose formal component and method contracts for stack inspectionbased sandboxing, and we show that formal verification of these contracts is feasible with state-of-the-art program verification tools. Our contracts are significantly more expressive than existing type systems for stack inspection-based sandboxing. We describe our solution in the context of the sandboxing mechanism in the .NET Framework, called Code Access Security. Our system relies on the Spec# programming language and its accompanying static verification tool.

Frank Piessens | Jan Smans | Bart Jacobs

[1] David Stutz,et al. Shared source CLI essentials , 2003 .

[2] Peter Mueller,et al. Reasoning About Method Calls in JML Specifications , 2005 .

[3] Marco Pistoia,et al. Access rights analysis for Java , 2002, OOPSLA '02.

[4] Jean-Louis Lanet,et al. Enforcing High-Level Security Properties for Applets , 2004, CARDIS.

[5] Martín Abadi,et al. Access Control Based on Execution History , 2003, NDSS.

[6] Andrew W. Appel,et al. SAFKASI: a security mechanism for language-based systems , 2000, TSEM.

[7] Adam Freeman,et al. Programming .Net Security , 2003 .

[8] Scott F. Smith,et al. A Systematic Approach to Static Access Control , 2001, ESOP.

[9] K. Rustan M. Leino,et al. The Spec# Programming System: An Overview , 2004, CASSIS.

[10] Cédric Fournet,et al. Stack inspection: Theory and variants , 2003, TOPL.

[11] Gian Luigi Ferrari,et al. Static Analysis for Stack Inspection , 2001, ConCoord.

[12] Andrew D. Gordon,et al. From stack inspection to access control: a security analysis for libraries , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[13] Dan S. Wallach,et al. Java security: Web browsers and beyond , 1997 .