TY - GEN
T1 - Generating permission-based security policies
AU - Li, Xin
AU - Thanh, Hua Vy Le
AU - Deng, Yuxin
AU - Dolby, Julian
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/12/5
Y1 - 2018/12/5
N2 - For access control in Java or .NET web applications, methods on the runtime stack are examined by the runtime systems for granted permissions, to prevent untrusted code from executing. There is quite limited research work on automatically generating security policies for configuring application components. In practice, configuring a security policy for web applications relies almost entirely on the expertise of developers. In this work, we present an approach to automatically generating permission-based security policies for Java applications to pass the runtime authorization. Our technique is based on context-sensitive static program analysis in the framework of conditional weighted pushdown systems. To tackle the challenges of access rights analysis, such as statically identifying the permissions to be examined at stack inspection points, we propose to apply a uniform abstract interpretation of program calling contexts, which are used to glue together the various analysis modules involved in access rights analysis, including points-to analysis, string analysis and policy generation analysis. As a result, we can statically identify relevant permissions at the stack inspection sites and perform context-sensitive policy generation analysis.
AB - For access control in Java or .NET web applications, methods on the runtime stack are examined by the runtime systems for granted permissions, to prevent untrusted code from executing. There is quite limited research work on automatically generating security policies for configuring application components. In practice, configuring a security policy for web applications relies almost entirely on the expertise of developers. In this work, we present an approach to automatically generating permission-based security policies for Java applications to pass the runtime authorization. Our technique is based on context-sensitive static program analysis in the framework of conditional weighted pushdown systems. To tackle the challenges of access rights analysis, such as statically identifying the permissions to be examined at stack inspection points, we propose to apply a uniform abstract interpretation of program calling contexts, which are used to glue together the various analysis modules involved in access rights analysis, including points-to analysis, string analysis and policy generation analysis. As a result, we can statically identify relevant permissions at the stack inspection sites and perform context-sensitive policy generation analysis.
KW - Abstract interpretation
KW - Conditional weighted pushdown systems
KW - Static analysis
UR - https://www.scopus.com/pages/publications/85060736995
U2 - 10.1109/DSA.2018.00013
DO - 10.1109/DSA.2018.00013
M3 - Conference contribution
AN - SCOPUS:85060736995
T3 - Proceedings - 2018 5th International Conference on Dependable Systems and Their Applications, DSA 2018
SP - 1
EP - 7
BT - Proceedings - 2018 5th International Conference on Dependable Systems and Their Applications, DSA 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Conference on Dependable Systems and Their Applications, DSA 2018
Y2 - 22 September 2018 through 23 September 2018
ER -