Secure calling contexts for stack inspection

Proceedings of the ACM SIGPLAN Conference on Principles and Practice of Declarative Programming (PPDP'02)

Volumn , Issue , 2002, Pages 76-87

  Besson, Frédéric ^a   De Latour, Thomas de Grenier ^a   Jensen, Thomas ^a  

^a CAMPUS DE BEAULIEU   (France)

Author keywords

Language Based Security; Linear Temporal Logic; Stack Inspection; Static Program Analysis

Indexed keywords

COMPUTER ARCHITECTURE; CONSTRAINT THEORY; FORMAL LOGIC; SECURITY OF DATA;

STACK INSPECTION;

JAVA PROGRAMMING LANGUAGE;

EID: 0036989122     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/571157.571166     Document Type: Conference Paper

References (24)

1. D. F. Bacon and P. F. Sweeney. Fast Static Analysis of C++ Virtual Function Calls. In Proc. of OOPSLA '96, volume 31(10) of ACM SIGPLAN Notices, pages 324-341, New York, 1996. ACM Press.
2. G. Barthe, D. Gurov, and M. Huisman. Compositional verification of secure applet interactions. In Proc. of Foundations of Software Engineering (FASE'02). To appear in Springer LNCS, 2002.
3. M. Bartoletti, P. Degano, and G. Ferrari. Static analysis for stack inspection. In Proc. of Int. workshop on Concurrency and Coordination (ConCoord 2001), Electronic Notes in Theoretical Computer Science vol. 54. Elsevier, 2001.
4. F. Besson, T. Jensen, D. Le Métayer, and T. Thorn. Model ckecking security properties of control flow graphs. Journal of Computer Security, 9:217-250, 2001.
5. T. Colcombet and P. Fradet. Enforcing trace properties by program transformation. In Proc. of 27 ACM Symp. on Principles of Programming Languages (POPL'00), pages 54-66. ACM Press, 2000.
6. P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximations of fixpoints. In Proc. of 4th ACM Symposium on Principles of Programming Languages, pages 238-252, Los Angeles, CA, 1977. ACM Press, New York.
7. P. Cousot and R. Cousot. Automatic synthesis of optimal invariant assertions: Mathematical foundations. In Proc. of the ACM Symposium on Artificial Intelligence and Programming Languages, SIGPLAN Notices, (8), pages 1-12, Rochester, NY, 1977.
8. P. Cousot and R. Cousot. Formal language, grammar and set constraint-based program analysis by abstract interpretation. In Proc. of the ACM Conf. on Functional Programming Languages and Computer Architecture (FPCA '95), pages 170-181. ACM Press, 1995.
9. E. A. Emerson. Temporal and Modal Logic. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, volume B, pages 996-1072, Amsterdam, 1990. Elsevier Science Publishers.
10. U. Erlingsson and F. Schneider. SASI enforcement of security policies: A retrospective. In New Security Paradigms Workshop. ACM Press, 2000.
11. C. Fournet and A. Gordon. Stack inspection: Theory and variants. In Proc. of the 29th ACM Symp. on Principles of Programming Languages (POPL '02). ACM Press, 2002.
12. L. Gong. Going beyond the sandbox: An overview of the new security architecture in the Java development kit 1.2. In Proc. of USENIX Symposium on Internet Technologies and Systems, Dec. 1997.
13. D. Grove, G. Furrow, J. Dean, and C. Chambers. Call graph construction in object-oriented languages. In Proc. of Object-Oriented Programming Systems, Languages and Applications (OOPSLA'97), 1997.
14. T. Jensen, D. Le Métayer, and T. Thorn. Verification of control flow based security properties. In Proc. of the 20th IEEE Symp. on Security and Privacy, pages 89-103. New York: IEEE Computer Society, 1999.
15. Microsoft Corp. Secure Coding Guidelines for the .NET Framework. Microsoft Corp., 2002.
16. F. Nielson, H. R. Nielson, and C. L. Hankin. Principles of Program Analysis. Springer, 1999.
17. J. Palsberg and M. I. Schwartzbach. Object-Oriented Type Systems. John Wiley & Sons, 1994.
18. H. Pande and B. Ryder. Data-flow-based virtual function resolution. In Proc. of 3rd Static Analysis Symposium (SAS'96). Springer LNCS vol. 1145, 1996.
19. F. Pottier, C. Skalka, and S. Smith. A systematic approach to static access control. In D. Sands, editor, Proc. of the 10th European Symposium on Programming (ESOP'01), pages 30-45. Springer LNCS vol. 2028, 2001.
20. F. Schneider. Enforceable security policies. ACM Trans. on Information and System Security, 3(1):30-50, 2000. Preliminary version appeared as Cornell Univ. Tech. Rep. TR 98-1664,1998.
21. C. Skalka and S. Smith. Static enforcement of security with types. In Proc. of 5th International Conference on Functional Programming (ICFP'00), pages 34-45. ACM Press, 2000.
22. M. Y. Vardi. An Automata-Theoretic Approach to Linear Temporal Logic, volume 1043 of Lecture Notes in Computer Science, pages 238-266. Springer-Verlag Inc., New York, NY, USA, 1996.
23. D. S. Wallach. A new approach to mobile code security. PhD thesis, Dept. of Computer Science, Princeton University, Jan. 1999.
24. D. S. Wallach and E. W. Felten. Understanding Java stack inspection. In 1998 IEEE Symposium on Security and Privacy, May 1998.