{"title":"Reducing Unnecessary Conservativeness in Access Rights Analysis with String Analysis","authors":"Mika Koganeyama, Naoshi Tabuchi, T. Tateishi","doi":"10.1109/APSEC.2007.80","DOIUrl":null,"url":null,"abstract":"The JavaTM2 runtime system has a security mechanism which guarantees the code under execution has appropriate access permissions to a certain system resource. Use of this security mechanism requires access control policies to specify what operations are permitted on each such resource at each program point. Previous work proposed a program analysis algorithm to statically infer a semi-optimal policy set from given program text. However the proposed method cannot calculate the optimal policy when the target resource is determined by string values at run-time, since it does not keep track of all potential string values generated through built-in or user-defined methods. This results in generating excessive access policies where actually unnecessary resource accesses are permitted. To overcome such limitations, we apply static string analysis to program variables relevant to access control policies. This paper shows that unnecessary permissions can be reduced with string analysis by applying it to analyzing open-source libraries.","PeriodicalId":273688,"journal":{"name":"14th Asia-Pacific Software Engineering Conference (APSEC'07)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"14th Asia-Pacific Software Engineering Conference (APSEC'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSEC.2007.80","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
The JavaTM2 runtime system has a security mechanism which guarantees the code under execution has appropriate access permissions to a certain system resource. Use of this security mechanism requires access control policies to specify what operations are permitted on each such resource at each program point. Previous work proposed a program analysis algorithm to statically infer a semi-optimal policy set from given program text. However the proposed method cannot calculate the optimal policy when the target resource is determined by string values at run-time, since it does not keep track of all potential string values generated through built-in or user-defined methods. This results in generating excessive access policies where actually unnecessary resource accesses are permitted. To overcome such limitations, we apply static string analysis to program variables relevant to access control policies. This paper shows that unnecessary permissions can be reduced with string analysis by applying it to analyzing open-source libraries.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
