Beyond stack inspection: A unified access-control and information-flow security model

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2007, Pages 149-163

  Pistoia, Marco ^a   Banerjee, Anindya ^b   Naumann, David A ^c  

^a IBM T J WATSON RESEARCH CENTER   (United States)

^b KANSAS STATE UNIVERSITY   (United States)

^c STEVENS INSTITUTE OF TECHNOLOGY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION RETRIEVAL; JAVA PROGRAMMING LANGUAGE; MATHEMATICAL MODELS; OBJECT ORIENTED PROGRAMMING; SENSITIVITY ANALYSIS;

COMMON LANGUAGE RUNTIME (CLR); STACK INSPECTION;

ACCESS CONTROL;

EID: 34548708576     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2007.10     Document Type: Conference Paper

References (45)

1. M. Abadi and C. Fournet. Access Control Based on Execution History. In Proceedings of the 11th Network and Distributed System Security Symposium (NDSS 2003), San Diego, CA, USA, Feb. 2003.
2. T. Amtoft, S. Bandhakavi, and A. Banerjee. A Logic for Information Flow in Object-Oriented Programs. In Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2006), pages 91-102, Charleston, SC, USA, Jan. 2006. Extended version as KSU CIS-TR-2005-1.
3. L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, Copenhagen, Denmark, May 1994.
4. K. Ashcraft and D. Engler. Using Programmer-Written Compiler Extensions to Catch Security Holes. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 143-159, Oakland, CA, USA, May 2002. IEEE Computer Society.
5. A. Banerjee and D. A. Naumann. History-based Access Control and Secure Information Flow. In G. Barthe, L. Burdy, M. Huisman, J.-L. Lanet, and T. Muntean, editors, Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, International Workshop (CASSIS 2004), Revised Selected Papers, volume 3362 of Lecture Notes in Computer Science, 2005.
6. A. Banerjee and D. A. Naumann. Stack-based Access Control for Secure Information Flow. Journal of Functional Programming, 15(2):131-177, Mar. 2005. Special Issue on Language Based Security.
7. G. Barthe, D. A. Naumann, and T. Rezk. Deriving an Information Flow Checker and Certifying Compiler for Java. In 27th IEEE Symposium on Security and Privacy, pages 230-242, Oakland, CA, USA, May 2006.
8. G. Barthe and T. Rezk. Non-interference for a JVM-like Language. In M. Fähndrich, editor, Proceedings of 2005 ACM SIGPLAN International Workshop on Types in Languages Design and Implementatio (TLDI 2005), pages 103-112, Long Beach, CA, USA, Jan. 2005. ACM Press.
9. M. Bartoletti, P. Degano, and G. L. Ferrari. Static Analysis for Stack Inspection. In Proceedings of International Workshop on Concurrency and Coordination, Electronic Notes in Theoretical Computer Science, volume 54, Amsterdam, The Netherlands, 2001. Elsevier.
10. F. Besson, T. Blanc, C. Fournet, and A. D. Gordon. From Stack Inspection to Access Control: A Security Analysis for Libraries. In Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW-17 2004), pages 61-75, Pacific Grove, CA, USA, June 2004. IEEE Computer Society.
11. M. Bishop and M. Dilger. Checking for Race Conditions in File Accesses. Computing Systems, 9(2):131-152, Spring 1996.
12. D. E. Denning. A Lattice Model of Secure Information Flow. Communications of the ACM, 19(5):236-243, May 1976.
13. D. E. Denning and P. J. Denning. Certification of Programs for Secure Information Flow. Communications of the ACM, 20(7):504-513, July 1977.
14. Eclipse Project, http://www.eclipse.org.
15. Equinox Java Security Project, http://www.eclipse.org/equinox/incubator/ security/java2security.html.
16. J. S. Fenton. Memoryless Subsystems. The Computer Journal, 17(2):143-147, 1974.
17. J. S. Foster, T. Terauchi, and A. Aiken. Flow-Sensitive Type Qualifiers. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2002), pages 1-12, Berlin, Germany, June 2002.
18. C. Fournet and A. D. Gordon. Stack Inspection: Theory and Variants. In Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2002), pages 307-318, Portland, OR, USA, Jan. 2002. ACM Press.
19. J. A. Goguen and J. Meseguer. Security Policies and Security Models. In Proceedings of the 1982 IEEE Symposium on Security and Privacy, pages 11-20, Oakland, CA, USA, May 1982. IEEE Computer Society Press.
20. L. Gong, M. Mueller, H. Prafullchandra, and R. Schemers. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2. In USENIX Symposium on Internet Technologies and Systems, Monterey, CA, USA, Dec. 1997.
21. D. Grove and C. Chambers. A Framework for Call Graph Construction Algorithms. ACM Trans. Program. Lang. Syst., 23(6):685-746, November 2001.
22. G. L. Guernic, A. Banerjee, T. Jensen, and D. A. Schmidt. Automata-based Confidentiality Monitoring. In Proceedings of 11th Annual Asian Computing Science Conference (ASIAN 2006), Tokio, Japan, Dec. 2006.
23. C. Hammer, J. Krinke, and G. Snelting. Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In Proceedings of IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA, Mar. 2006.
24. N. Hardy. The Confused Deputy. ACM SIGOPS Operating Systems Review, 22(4):36-38, Oct. 1988.
25. T. P. Jensen, D. L. Métayer, and T. Thorn. Verification of Control Flow Based Security Properties. In Proceedings of the 1999 IEEE Symposium on Security and Privacy, pages 89-103, Oakland, CA, USA, May 1999.
26. G. A. Kildall. A Unified Approach to Global Program Optimization. In Proceedings of the 1st Annual ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pages 194-206, Boston, MA, USA, 1973. ACM Press.
27. L. Koved, M. Pistoia, and A. Kershenbaum. Access Rights Analysis for Java. In Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, pages 359-372, Seattle, WA, USA, November 2002. ACM Press.
28. V. B. Livshits and M. S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis. In Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, July 2005.
29. A. C. Myers. JFlow: Practical Mostly-static Information Flow Control. In Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 1999), pages 228-241, San Antonio, TX, USA, Jan. 1999.
30. D. A. Naumann. Verifying a Secure Information Flow Analyzer. In J. Hurd and T. Melham, editors, 18th International Conference on Theorem Proving in Higher Order Logics TPHOLs 2005, volume 3603 of Lecture Notes in Computer Science, pages 211-226, Oxford, UK, Aug. 2005. Springer.
31. J. Newsome and D. X. Song. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In Proceedings of the 12th Network and Distributed System Security Symposium (NDSS 2005), San Diego, CA, USA, Feb. 2005. IEEE Computer Society.
32. N. Paul and D. Evans. .NET Security: Lessons Learned and Missed from Java. In Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC 2004), pages 272-281, Washington, DC, USA, December 2004. IEEE Computer Society.
33. M. Pistoia, R. J. Flynn, L. Koved, and V. C. Sreedhar. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In Proceedings of the 19th European Conference on Object-Oriented Programming, pages 362-386, Glasgow, Scotland, UK, July 2005. Springer-Verlag.
34. F. Pottier, C. Skalka, and S. F. Smith. A Systematic Approach to Static Access Control. In Proceedings of the 10th European Symposium on Programming Languages and Systems, pages 30-45. Springer-Verlag, 2001.
35. J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. In Proceedings of the IEEE, volume 63, pages 1278-1308, Sept. 1975.
36. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. In Proceedings of the 10th USENIX Security Symposium, Washington, DC, USA, Aug. 2001.
37. G. Snelting, T. Robschink, and J. Krinke. Efficent Path Conditions in Dependence Graphs for Software Safety Analysis. ACM Transactions on Software Engineering and Methodology (TOSEM), 15(4):410-457, October 2006.
38. A. Stoughton. Access Flows: A Protection Model which Integrates Access Control and Information Flow. In Proceedings of the 1981 IEEE Symposium on Security and Privacy, pages 9-18, Oakland, CA, USA, May 1981.
39. IBM Security Workbench Development Environment for Java (SWORD4J), http://www.alphaworks.ibm.com/tech/sword4j.
40. Úlfar Erlingsson and F. B. Schneider. IRM Enforcement of Java Stack Inspection. In Proceedings of the 2000 IEEE Symposium on Security and Privacy, pages 246-255, Oakland, CA, USA, May 2000. IEEE Computer Society.
41. D. Volpano, C. Irvine, and G. Smith. A Sound Type System for Secure Flow Analysis. Journal of Computer Security, 4(2-3):167-187, Jan. 1996.
42. L. Wall, T. Christiansen, and J. Orwant. Programming Perl. O'Reilly & Associates, Inc., Sebastopol, CA, USA, third edition, July 2000.
43. D. S. Wallach, A. W. Appel, and E. W. Felten. SAFKASI: A Security Mechanism for Language-based Systems. ACM Transactions on Software Engineering and Methodology (TOSEM), 9(4):341-378, 2000.
44. D. S. Wallach and E. W. Felten. Understanding Java Stack Inspection. In Proceedings of the 1998 IEEE Symposium on Security and Privacy, pages 52-63, Oakland, CA, USA, May 1998.
45. T. Zhao and J. T. Boyland. Type Annotations to Improve Stack-Based Access Control. In 18th IEEE Computer Security Foundations Workshop (CSFW-18 2005), pages 197-210, Aix-en-Provence, France, June 2005. IEEE Computer Society.