From stack inspection to access control: a security analysis for libraries
Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004.
We present a new static analysis to help identify security defects in class libraries for runtimes, such as JVMs or the CLR, that rely on stack inspection for access control. ...
We also develop a new formal model of the essentials of access control in the CLR (types, classes and inheritance, access modifiers, permissions, and stack inspection). ...
To control access to these resources, the CLR depends on a range of security mechanisms [16] , including type safety and access modifiers, as well as stack inspection. ...
doi:10.1109/csfw.2004.1310732
fatcat:5q5rbkmklrekpptfh3f275faai
Pyronia: Intra-Process Access Control for IoT Applications
[article]
2019
arXiv
pre-print
We present Pyronia, a fine-grained access control system for IoT applications written in high-level languages. ...
To efficiently protect such sensitive OS resources, Pyronia combines three techniques: system call interposition, stack inspection, and memory domains. ...
, which allows access to the call stack while responding to an upcall from the Access Control module. ...
arXiv:1903.01950v2
fatcat:chvowpj7pbczligwqw423snfdm
Generating Stack-based Access Control Policies
[article]
2013
arXiv
pre-print
In this paper, we present a systematic approach to automated generation of access control policies for Java programs that necessarily ensure the program to pass stack inspection. ...
The stack-based access control mechanism plays a fundamental role in the security architecture of Java and Microsoft CLR (common language runtime). ...
IBAC (Information-based Access Control) proposed by Pistoia et al. in [13] for programs. It would be interesting to extend the analysis framework to analyse IBAC security policy. ...
arXiv:1307.2964v2
fatcat:3hbewdvwbzcxjnlcgb4vfjhvba
Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies
2007
Proceedings of the Computer Security Applications Conference
This paper presents a novel combination of static and dynamic analysis for automatic determination of precise access-control policies for programs that will be executed on Stack-Based Access Control systems ...
ACE allows for automatic, safe, and precise identification of access-right requirements and library-code locations that should be made privilege-asserting to prevent client code from requiring unnecessary ...
Acknowledgments The authors would like to thank the reviewers of the Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) for their precious suggestions. ...
doi:10.1109/acsac.2007.4412997
fatcat:kjdopptoybg7xk6pihu5dit3xi
Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies
2007
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
This paper presents a novel combination of static and dynamic analysis for automatic determination of precise access-control policies for programs that will be executed on Stack-Based Access Control systems ...
ACE allows for automatic, safe, and precise identification of access-right requirements and library-code locations that should be made privilege-asserting to prevent client code from requiring unnecessary ...
Acknowledgments The authors would like to thank the reviewers of the Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) for their precious suggestions. ...
doi:10.1109/acsac.2007.39
dblp:conf/acsac/CentonzeFP07
fatcat:2sb7qzigsbhknkzaiorr6cfbae
Aspectizing Java Access Control
2012
IEEE Transactions on Software Engineering
In this study, we consider the case of access control in Java, which turns out to be a crosscutting concern with a non-modular implementation based on runtime stack inspection. ...
Both solutions, apart from providing a modular specification of access control, make it possible to easily express other useful policies such as the Chinese wall policy. ...
This barrier prevents the stack inspection algorithm from inspecting further classes in the stack. ...
doi:10.1109/tse.2011.6
fatcat:nvt6zu56qnaqfba2qnkrmiznvy
Information-Flow-Based Access Control for Web Browsers
2009
IEICE transactions on information and systems
We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. ...
We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege ...
In particular, we wish to thank Michael Steiner and Marco Pistoia for their insightful comments and discussions. ...
doi:10.1587/transinf.e92.d.836
fatcat:7a5lgzg7cbbtzodnd53uddtuim
Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model
2007
2007 IEEE Symposium on Security and Privacy (SP '07)
Its purpose is to use stack inspection to verify that all the code responsible for a security-sensitive action is sufficiently authorized to perform that action. ...
Given an access-control policy α, we present a mechanism to extract from it an implicit integrity policy ι, and we prove that IBAC enforces ι. ...
[44, 43] present an approach called Security Architecture Formerly Known as Stack Inspection (SAFKASI), which uses the calculus of Security-Passing Style (SPS) to enforce a form of access control equivalent ...
doi:10.1109/sp.2007.10
dblp:conf/sp/PistoiaBN07
fatcat:6klbjk245ja3nfieq7mxwwdbwe
Control-flow integrity
2005
Proceedings of the 12th ACM conference on Computer and communications security - CCS '05
Finally, CFI provides a useful foundation for enforcing further security policies, as we demonstrate with efficient software implementations of a protected shadow call stack and of access control for memory ...
The enforcement of a basic safety property, Control-Flow Integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior. ...
Milenko Drinic and Andrew Edwards of the Vulcan team were helpful to our implementation efforts. ...
doi:10.1145/1102120.1102165
dblp:conf/ccs/AbadiBEL05
fatcat:5awwm6pzofe4jge4jhbyzy75am
Bringing java's wild native world under control
2013
ACM Transactions on Privacy and Security
We introduce a security framework that extends Java's security model and brings native code under control. ...
For performance and for incorporating legacy libraries, many Java applications contain native-code components written in unsafe languages such as C and C++. ...
ACKNOWLEDGMENTS We thank Mark Seaborn for explaining the NaCl implementation. We thank Martin Hirzel for suggesting the JVMTI approach for native-code sandboxing. ...
doi:10.1145/2535505
fatcat:w2hjxwbverdntar5d6wep2djtq
Out of Control: Overcoming Control-Flow Integrity
2014
2014 IEEE Symposium on Security and Privacy
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing. ...
Specifically, much of the work on practical CFI is applicable to binaries, and improves performance by enforcing a looser notion of control flow integrity. ...
ACKNOWLEDGEMENT We want to express our thanks to anonymous reviewers for valuable comments. This work was supported by the US Air Force through Contract AFRL-FA8650-10-C-7024. ...
doi:10.1109/sp.2014.43
dblp:conf/sp/GoktasABP14
fatcat:sbzbqlisybdplhho52hwf5kare
A systematic approach to static access control
2005
ACM Transactions on Programming Languages and Systems
The Java Security Architecture includes a dynamic mechanism for enforcing access control checks, the so-called stack inspection process. ...
While the architecture has several appealing features, access control checks are all implemented via dynamic method calls. ...
Access control decisions of checkPermission() are made using a stack inspection algorithm. ...
doi:10.1145/1057387.1057392
fatcat:gotutwvb2jexjdrnshjlkn72qm
A Systematic Approach to Static Access Control
[chapter]
2001
Lecture Notes in Computer Science
The Java Security Architecture includes a dynamic mechanism for enforcing access control checks, the so-called stack inspection process. ...
While the architecture has several appealing features, access control checks are all implemented via dynamic method calls. ...
Access control decisions of checkPermission() are made using a stack inspection algorithm. ...
doi:10.1007/3-540-45309-1_3
fatcat:g7xudtkvnbhmroilg6m5wegzzy
Fine-Grained Control-Flow Integrity Through Binary Hardening
[chapter]
2015
Lecture Notes in Computer Science
Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations. ...
A shadow stack enforces precise integrity for function returns. ...
This research was supported, in part, by a grant from NSF. ...
doi:10.1007/978-3-319-20550-2_8
fatcat:imb2l3voebeqxbwkg4dvwvubjq
Control Jujutsu
2015
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15
We also evaluate the difficulties of generating a precise CFG using scalable static analysis for real-world applications. ...
These flexibilities allow an attacker to gain control of the execution while strictly adhering to a fine-grained CFI. ...
We show that preventing Control Jujutsu by using more precise pointer analysis algorithms is difficult for real-world applications. ...
doi:10.1145/2810103.2813646
dblp:conf/ccs/EvansLOSROS15
fatcat:hdc7wwdbgvaklm36xfr7aouhba