Type annotations to improve stack-based access control

18th IEEE Computer Security Foundations Workshop (CSFW'05) Pub Date : 2005-06-20 DOI:10.1109/CSFW.2005.27

Tian Zhao, J. Boyland

{"title":"Type annotations to improve stack-based access control","authors":"Tian Zhao, J. Boyland","doi":"10.1109/CSFW.2005.27","DOIUrl":null,"url":null,"abstract":"Java security architecture uses stack-based access control to protect security-sensitive resources. The architecture implements access control checks by inspecting the call stack to compute permission levels, which are used to decide whether to grant access to these resources. This implementation only considers the direct and indirect callers of sensitive methods that directly accesses the resources. However, it does not check the integrity of the variables used in the calls to these methods, nor does it help protect confidential values that might be returned by these calls. This paper proposes a type-based approach to strengthen stack-based access control. We use type annotations to track values originated from untrusted code such that these values will not be inputs to the sensitive methods when they are executed with high level of trust. We also use the annotations to protect confidential values from being accidentally revealed by trusted code. We give a static type system that checks these properties and augments existing dynamic stack-based checks. The hybrid approach is similar to so-called \"history-based access control\" without its run-time burden.","PeriodicalId":333912,"journal":{"name":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","volume":"324 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"18th IEEE Computer Security Foundations Workshop (CSFW'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSFW.2005.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Java security architecture uses stack-based access control to protect security-sensitive resources. The architecture implements access control checks by inspecting the call stack to compute permission levels, which are used to decide whether to grant access to these resources. This implementation only considers the direct and indirect callers of sensitive methods that directly accesses the resources. However, it does not check the integrity of the variables used in the calls to these methods, nor does it help protect confidential values that might be returned by these calls. This paper proposes a type-based approach to strengthen stack-based access control. We use type annotations to track values originated from untrusted code such that these values will not be inputs to the sensitive methods when they are executed with high level of trust. We also use the annotations to protect confidential values from being accidentally revealed by trusted code. We give a static type system that checks these properties and augments existing dynamic stack-based checks. The hybrid approach is similar to so-called "history-based access control" without its run-time burden.

查看原文本刊更多论文

键入注释以改进基于堆栈的访问控制

Java安全架构使用基于堆栈的访问控制来保护对安全敏感的资源。该体系结构通过检查调用堆栈来计算权限级别来实现访问控制检查，这些权限级别用于决定是否授予对这些资源的访问权限。这个实现只考虑直接访问资源的敏感方法的直接和间接调用者。但是，它不会检查这些方法调用中使用的变量的完整性，也不会帮助保护这些调用可能返回的机密值。本文提出了一种基于类型的方法来加强基于堆栈的访问控制。我们使用类型注释来跟踪源自不受信任代码的值，这样，当在高度信任的情况下执行敏感方法时，这些值就不会成为它们的输入。我们还使用注释来保护机密值不被可信代码意外泄露。我们给出了一个静态类型系统来检查这些属性，并增加了现有的基于堆栈的动态检查。这种混合方法类似于所谓的“基于历史的访问控制”，但没有运行时负担。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

18th IEEE Computer Security Foundations Workshop (CSFW'05)

自引率

0.00%

发文量