research-article

Access control to reflection with object ownership

Published: 21 October 2015

Abstract

Reflection is a powerful programming language feature that enables language extensions, generic code, dynamic analyses, development tools, etc. However, uncontrolled reflection breaks object encapsulation and considerably increases the attack surface of programs; e.g., malicious libraries can use reflection to attack their client applications. To bring reflection and object encapsulation back together, we use dynamic object ownership to design an access control policy for reflective operations. This policy grants objects full reflective power over the objects they own but limited reflective power over other objects. Code is still able to use advanced reflective operations, but reflection cannot be used as an attack vector anymore.

Published in

ACM SIGPLAN Notices, Volume 51, Issue 2 (DLS '15)
February 2016
176 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2936313
Editor: Andy Gill

DLS 2015: Proceedings of the 11th Symposium on Dynamic Languages
October 2015
176 pages
ISBN: 9781450336901
DOI: 10.1145/2816707

Copyright © 2015 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
