skip to main content
article

Static check analysis for Java stack inspection

Published:01 March 2006Publication History
Skip Abstract Section

Abstract

Most static analysis techniques for optimizing stack inspection approximate permission sets such as granted permissions and denied permissions. Because they compute permission sets following control flow, they usually take intra-procedural control flow into consideration as well as call relationship. In this paper, we observed that it is necessary for more precise optimization on stack inspection to compute more specific information on checks instead of permissions. We propose a backward static analysis based on simple call graph to approximate redundant permission checks which must fail. In a similar way, we also propose a backward static analysis to approximate success permission checks, which must pass stack inspection.

References

  1. M. Bartoletti, P. Degano, and G. L. Ferrari. Static Analysis for Stack Inspection. Electr. Notes Theor. Comput. Sci. 54, 2001.Google ScholarGoogle Scholar
  2. M. Bartoletti, P. Degano, G. L. Ferrari. Stack inspection and secure program transformations. Int. Journal of Information Security, Vol.2, pp. 187--217, 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. F. Besson, T. Blanc, C. Fournet, A. D. Gordon. From Stack Inspection to Access Control: A Security Analysis for Libraries. CSFW 2004. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. F. Besson, T. de Grenier de Latour, and T. Jensen. Secure calling contexts for stack inspection. In Proc. 4th Conference on Principles and Practice of Declarative Programming. ACM Press, New York, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. F. Besson, T. Jensen, D. Le Metayer, and T. Thorn. Model checking security properties of control flow graphs. Journal of Computer Security 9, pp. 217--250, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. U. Erlingsson and Fred B. Schneider. IRM Enforcement of Java Stack Inspection. 2000 IEEE Symposium on Security and Privacy, pp. 246--255. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. C. Fournet and A. D. Gordon. Stack inspection: Theory and variants. ACM Trans. Program. Lang. & Syst. 25(3): 360--399 (2003) Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. J. Gosling, Joy, Steele, The Java Language Specification Second Edition, Addison-Wesley, 2002 Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. D. Grove, G. DeFouw, J. Dean, and C. Chambers. Call Graph Construction in Object-Oriented Languages. ACM OOPSLA 1997, pp. 108--124. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. L. Koved, M. Pistoia, A. Kershenbaum. Access rights analysis for Java. OOPSLA 2002, pp. 359--372 Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. F. Nielson, H. R. Nielson, and C. Hankin, Principles of Program Analysis, Springer-Verlag, 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. N. Nitta, Y. Takata, H. Seki. An efficient security verification method for programs with stack inspection. 2001 ACM Conference on Computer and Communications Security, pp. 68--77. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. F. Pottier, C. Skalka, S. F. Smith. A systematic approach to static access control. ACM Trans. Program. Lang. & Syst. 27(2), pp. 344--382, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Frank Tip and Jens Palsberg. Scalable propagation-based call graph construction algorithms. ACM OOPSLA 2000, pp 281--293. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Dan S. Wallach, Andrew W. Appel, Edward W. Felten. SAFKASI: a security mechanism for language-based systems. ACM Trans. Softw. Eng. Method. 9(4), pp. 341--378, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. http://java.sun.com/j2se/1.5.0/docs/api.Google ScholarGoogle Scholar

Index Terms

  1. Static check analysis for Java stack inspection

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM SIGPLAN Notices
        ACM SIGPLAN Notices  Volume 41, Issue 3
        March 2006
        44 pages
        ISSN:0362-1340
        EISSN:1558-1160
        DOI:10.1145/1140543
        Issue’s Table of Contents

        Copyright © 2006 Author

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 1 March 2006

        Check for updates

        Qualifiers

        • article

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!