Stack-based access control and secure information flow

ANINDYA BANERJEE; DAVID A. NAUMANN

doi:10.1017/S0956796804005453

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

Access control mechanisms are often used with the intent of enforcing confidentiality and integrity policies, but few rigorous connections have been made between information flow and runtime access control. The Java virtual machine and the .NET runtime system provide a dynamic access control mechanism in which permissions are granted to program units and a runtime mechanism checks permissions of code in the calling chain. We investigate a design pattern by which this mechanism can be used to achieve confidentiality and integrity goals: a single interface serves callers of more than one security level and dynamic access control prevents release of high information to low callers. Programs fitting this pattern would be rejected by previous flow analyses. We give a static analysis that admits them, using permission-dependent security types. The analysis is given for a class-based object-oriented language with features including inheritance, dynamic binding, dynamically allocated mutable objects, type casts and recursive types. The analysis is shown to ensure a noninterference property formalizing confidentiality and integrity.

Crossref Citations

This article has been cited by the following publications. This list is generated based on data provided by Crossref.

Barthe, Gilles and Nieto, Leonor Prensa 2004. Formally verifying information flow type systems for concurrent and thread systems. p. 13.

Barthe, Gilles and Dufay, Guillaume 2005. Foundations of Security Analysis and Design III. Vol. 3655, Issue. , p. 133.

Naumann, David A. 2005. Theorem Proving in Higher Order Logics. Vol. 3603, Issue. , p. 211.

Jacobs, Bart Pieters, Wolter and Warnier, Martijn 2005. Statically checking confidentiality via dynamic labels. p. 50.

Banerjee, Anindya and Naumann, David A. 2005. Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. Vol. 3362, Issue. , p. 27.

Jeffrey, Alan and Rathke, Julian 2005. Programming Languages and Systems. Vol. 3444, Issue. , p. 423.

Barthe, Gilles and Rezk, Tamara 2005. Non-interference for a JVM-like language. p. 103.

Sabelfeld, A. and Sands, D. 2005. Dimensions and Principles of Declassification. p. 255.

Hedin, D. and Sands, D. 2006. Noninterference in the Presence of Non-Opaque Pointers. p. 217.

Naumann, David A. 2006. Computer Security – ESORICS 2006. Vol. 4189, Issue. , p. 279.

Barnett, Mike Naumann, David A. Schulte, Wolfram and Sun, Qi 2006. Emerging Trends in Information and Communication Security. Vol. 3995, Issue. , p. 321.

Barthe, G. Naumann, D. and Rezk, T. 2006. Deriving an information flow checker and certifying compiler for Java. p. 13 pp..

Naumann, David A. and Barnett, Mike 2006. Towards imperative modules: Reasoning about invariants and sharing of mutable state. Theoretical Computer Science, Vol. 365, Issue. 1-2, p. 143.

Broberg, Niklas and Sands, David 2006. Programming Languages and Systems. Vol. 3924, Issue. , p. 180.

Hicks, Boniface King, Dave McDaniel, Patrick and Hicks, Michael 2006. Trusted declassification:. p. 65.

Amtoft, Torben Bandhakavi, Sruthi and Banerjee, Anindya 2006. A logic for information flow in object-oriented programs. ACM SIGPLAN Notices, Vol. 41, Issue. 1, p. 91.

Amtoft, Torben Bandhakavi, Sruthi and Banerjee, Anindya 2006. A logic for information flow in object-oriented programs. p. 91.

Boudol, Gérard and Kolundžija, Marija 2007. Computer Network Security. Vol. 1, Issue. , p. 85.

Amtoft, Torben and Banerjee, Anindya 2007. A logic for information flow analysis with an application to forward slicing of simple imperative programs. Science of Computer Programming, Vol. 64, Issue. 1, p. 3.

Tateishi, Takaaki and Tabuchi, Naoshi 2007. Secure Behavior of Web Browsers to Prevent Information Leakages. p. 65.

Download full list

Article contents

Stack-based access control and secure information flow

Abstract

Discussions

This article has been cited by the following publications. This list is generated based on data provided by Crossref.

Article contents

Stack-based access control and secure information flow

Abstract

Discussions

Save article to Kindle

Save article to Dropbox

Save article to Google Drive

Reply to: Submit a response

Your details

You have entered the maximum number of contributors

Conflicting interests