Reducing Unnecessary Conservativeness in Access Rights Analysis with String Analysis

Mika Koganeyama, Naoshi Tabuchi, T. Tateishi
14th Asia-Pacific Software Engineering Conference (APSEC'07), published 2007-12-04. DOI: 10.1109/APSEC.2007.80 (https://doi.org/10.1109/APSEC.2007.80)
Citations: 1

Abstract

The Java™ 2 runtime system has a security mechanism which guarantees the code under execution has appropriate access permissions to a certain system resource. Use of this security mechanism requires access control policies to specify what operations are permitted on each such resource at each program point. Previous work proposed a program analysis algorithm to statically infer a semi-optimal policy set from given program text. However, the proposed method cannot calculate the optimal policy when the target resource is determined by string values at run-time, since it does not keep track of all potential string values generated through built-in or user-defined methods. This results in generating excessive access policies where actually unnecessary resource accesses are permitted. To overcome such limitations, we apply static string analysis to program variables relevant to access control policies. This paper shows that unnecessary permissions can be reduced with string analysis by applying it to analyzing open-source libraries.