Stack-based access control and secure information flow

ANINDYA BANERJEE; DAVID A. NAUMANN

doi:10.1017/S0956796804005453

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the 'Save PDF' action button.

Access control mechanisms are often used with the intent of enforcing confidentiality and integrity policies, but few rigorous connections have been made between information flow and runtime access control. The Java virtual machine and the .NET runtime system provide a dynamic access control mechanism in which permissions are granted to program units and a runtime mechanism checks permissions of code in the calling chain. We investigate a design pattern by which this mechanism can be used to achieve confidentiality and integrity goals: a single interface serves callers of more than one security level and dynamic access control prevents release of high information to low callers. Programs fitting this pattern would be rejected by previous flow analyses. We give a static analysis that admits them, using permission-dependent security types. The analysis is given for a class-based object-oriented language with features including inheritance, dynamic binding, dynamically allocated mutable objects, type casts and recursive types. The analysis is shown to ensure a noninterference property formalizing confidentiality and integrity.

Information

Crossref Citations

This article has been cited by the following publications. This list is generated based on data provided by Crossref.

Barthe, Gilles and Nieto, Leonor Prensa 2004. Formally verifying information flow type systems for concurrent and thread systems. p. 13.

Banerjee, Anindya and Naumann, David A. 2005. Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. Vol. 3362, Issue. , p. 27.

Jacobs, Bart Pieters, Wolter and Warnier, Martijn 2005. Statically checking confidentiality via dynamic labels. p. 50.

Jeffrey, Alan and Rathke, Julian 2005. Programming Languages and Systems. Vol. 3444, Issue. , p. 423.

Barthe, Gilles and Rezk, Tamara 2005. Non-interference for a JVM-like language. p. 103.

Sabelfeld, A. and Sands, D. 2005. Dimensions and Principles of Declassification. p. 255.

Naumann, David A. 2005. Theorem Proving in Higher Order Logics. Vol. 3603, Issue. , p. 211.

Barthe, Gilles and Dufay, Guillaume 2005. Foundations of Security Analysis and Design III. Vol. 3655, Issue. , p. 133.

Naumann, David A. and Barnett, Mike 2006. Towards imperative modules: Reasoning about invariants and sharing of mutable state. Theoretical Computer Science, Vol. 365, Issue. 1-2, p. 143.

Amtoft, Torben Bandhakavi, Sruthi and Banerjee, Anindya 2006. A logic for information flow in object-oriented programs. p. 91.

Broberg, Niklas and Sands, David 2006. Programming Languages and Systems. Vol. 3924, Issue. , p. 180.

Naumann, David A. 2006. Computer Security – ESORICS 2006. Vol. 4189, Issue. , p. 279.

Hedin, D. and Sands, D. 2006. Noninterference in the Presence of Non-Opaque Pointers. p. 217.

Barnett, Mike Naumann, David A. Schulte, Wolfram and Sun, Qi 2006. Emerging Trends in Information and Communication Security. Vol. 3995, Issue. , p. 321.

Hicks, Boniface King, Dave McDaniel, Patrick and Hicks, Michael 2006. Trusted declassification:. p. 65.

Barthe, G. Naumann, D. and Rezk, T. 2006. Deriving an information flow checker and certifying compiler for Java. p. 13 pp..

Amtoft, Torben Bandhakavi, Sruthi and Banerjee, Anindya 2006. A logic for information flow in object-oriented programs. ACM SIGPLAN Notices, Vol. 41, Issue. 1, p. 91.

Fong, Philip W.L. 2007. Reasoning about safety properties in a JVM-like environment. Science of Computer Programming, Vol. 67, Issue. 2-3, p. 278.

Liu, Dongxi 2007. Bytecode Verification for Enhanced JVM Access Control. p. 162.

Pistoia, Marco Banerjee, Anindya and Naumann, David A. 2007. Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model. p. 149.

Download full list

Article contents

Stack-based access control and secure information flow

Abstract

Information

Discussions

This article has been cited by the following publications. This list is generated based on data provided by Crossref.

Article contents

Stack-based access control and secure information flow

Abstract

Information

Discussions

Save article to Kindle

Save article to Dropbox

Save article to Google Drive

Reply to: Submit a response

Your details

You have entered the maximum number of contributors

Conflicting interests