Abstract
Reflection is a powerful programming language feature that enables language extensions, generic code, dynamic analyses, development tools, etc. However, uncontrolled reflection breaks object encapsulation and considerably increases the attack surface of programs; for example, malicious libraries can use reflection to attack their client applications. To bring reflection and object encapsulation back together, we use dynamic object ownership to design an access control policy for reflective operations. This policy grants objects full reflective power over the objects they own but limited reflective power over other objects. Code is still able to use advanced reflective operations, but reflection can no longer be used as an attack vector.
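The policy described in the abstract can be modelled as a reflective facade that checks ownership on every operation. This is an added illustration, not code from the paper: `OwnershipPolicy`, `Mirror`, `ReflectionDenied` and `Account` are hypothetical names. It assumes that "limited" power means read-only access to non-underscore fields and that ownership is transitive along the owner chain; in a real runtime the subject would be supplied by the language, not by the caller.

```python
class ReflectionDenied(PermissionError):
    """A reflective operation exceeded the caller's rights."""

class OwnershipPolicy:
    def __init__(self):
        # id(obj) -> (obj, owner); obj is kept alive so ids are never reused
        self._owner = {}

    def set_owner(self, obj, owner):
        """Ownership is dynamic: it can be reassigned at run time."""
        self._owner[id(obj)] = (obj, owner)

    def owns(self, subject, target):
        """True if subject is target or lies on target's owner chain (assumed transitive)."""
        seen, current = set(), target
        while current is not None and id(current) not in seen:
            if current is subject:
                return True
            seen.add(id(current))
            current = self._owner.get(id(current), (None, None))[1]
        return False

class Mirror:
    """Reflective view of target on behalf of subject (hypothetical API)."""
    def __init__(self, policy, subject, target):
        self._policy, self._subject, self._target = policy, subject, target

    def _full(self):
        # Re-evaluated on every call so an ownership transfer takes effect at once
        return self._policy.owns(self._subject, self._target)

    def fields(self):
        full = self._full()
        return sorted(n for n in vars(self._target) if full or not n.startswith("_"))

    def get(self, name):
        if name.startswith("_") and not self._full():
            raise ReflectionDenied(f"{name!r} is visible to owners only")
        return getattr(self._target, name)

    def set(self, name, value):
        if not self._full():
            raise ReflectionDenied("non-owners get read-only reflection")
        setattr(self._target, name, value)

class Account:  # constructed sample object
    def __init__(self):
        self._balance, self.currency = 100, "EUR"
```

Because the check runs per operation, not when the mirror is created, a mirror held by a former owner loses its full power as soon as ownership is transferred.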
Access control to reflection with object ownership
DLS 2015: Proceedings of the 11th Symposium on Dynamic Languages