Filters








11,862 Hits in 12.5 sec

From stack inspection to access control: a security analysis for libraries

F. Besson, T. Blanc, C. Fournet, A.D. Gordon
Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004.  
We present a new static analysis to help identify security defects in class libraries for runtimes, such as JVMs or the CLR, that rely on stack inspection for access control.  ...  We also develop a new formal model of the essentials of access control in the CLR (types, classes and inheritance, access modifiers, permissions, and stack inspection).  ...  To control access to these resources, the CLR depends on a range of security mechanisms [16] , including type safety and access modifiers, as well as stack inspection.  ... 
doi:10.1109/csfw.2004.1310732 fatcat:5q5rbkmklrekpptfh3f275faai

Pyronia: Intra-Process Access Control for IoT Applications [article]

Marcela S. Melara, David H. Liu, Michael J. Freedman
2019 arXiv   pre-print
We present Pyronia, a fine-grained access control system for IoT applications written in high-level languages.  ...  To efficiently protect such sensitive OS resources, Pyronia combines three techniques: system call interposition, stack inspection, and memory domains.  ...  , which allows access to the call stack while responding to an upcall from the Access Control module.  ... 
arXiv:1903.01950v2 fatcat:chvowpj7pbczligwqw423snfdm

Generating Stack-based Access Control Policies [article]

Xin Li, Hua Vy Le Thanh
2013 arXiv   pre-print
In this paper, we present a systematic approach to automated generation of access control policies for Java programs that necessarily ensure the program to pass stack inspection.  ...  The stack-based access control mechanism plays a fundamental role in the security architecture of Java and Microsoft CLR (common language runtime).  ...  IBAC (Information-based Access Control) proposed by Pistoia et al. in [13] for programs. It would be interesting to extend the analysis framework to analyse IBAC security policy.  ... 
arXiv:1307.2964v2 fatcat:3hbewdvwbzcxjnlcgb4vfjhvba

Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies

Paolina Centonze, Robert J. Flynn, Marco Pistoia
2007 Proceedings of the Computer Security Applications Conference  
This paper presents a novel combination of static and dynamic analysis for automatic determination of precise accesscontrol policies for programs that will be executed on Stack-Based Access Control systems  ...  ACE allows for automatic, safe, and precise identification of access-right requirements and library-code locations that should be made privilegeasserting to prevent client code from requiring unnecessary  ...  Acknowledgments The authors would like to thank the reviewers of the Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) for their precious suggestions.  ... 
doi:10.1109/acsac.2007.4412997 fatcat:kjdopptoybg7xk6pihu5dit3xi

Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies

Paolina Centonze, Robert J. Flynn, Marco Pistoia
2007 Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)  
This paper presents a novel combination of static and dynamic analysis for automatic determination of precise accesscontrol policies for programs that will be executed on Stack-Based Access Control systems  ...  ACE allows for automatic, safe, and precise identification of access-right requirements and library-code locations that should be made privilegeasserting to prevent client code from requiring unnecessary  ...  Acknowledgments The authors would like to thank the reviewers of the Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007) for their precious suggestions.  ... 
doi:10.1109/acsac.2007.39 dblp:conf/acsac/CentonzeFP07 fatcat:2sb7qzigsbhknkzaiorr6cfbae

Aspectizing Java Access Control

Rodolfo Toledo, Angel Nunez, Eric Tanter, Jacques Noye
2012 IEEE Transactions on Software Engineering  
In this study, we consider the case of access control in Java, which turns out to be a crosscutting concern with a non-modular implementation based on runtime stack inspection.  ...  Both solutions, apart from providing a modular specification of access control, make it possible to easily express other useful policies such as the Chinese wall policy.  ...  This barrier prevents the stack inspection algorithm from inspecting further classes in the stack.  ... 
doi:10.1109/tse.2011.6 fatcat:nvt6zu56qnaqfba2qnkrmiznvy

Information-Flow-Based Access Control for Web Browsers

Sachiko YOSHIHAMA, Takaaki TATEISHI, Naoshi TABUCHI, Tsutomu MATSUMOTO
2009 IEICE transactions on information and systems  
We propose a new browser security model to allow fine-grained access control in the clientside Web applications for secure mashup and user-generated contents.  ...  We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege  ...  In particular, we wish to thank Michael Steiner and Marco Pistoia for their insightful comments and discussions.  ... 
doi:10.1587/transinf.e92.d.836 fatcat:7a5lgzg7cbbtzodnd53uddtuim

Beyond Stack Inspection: A Unified Access-Control and Information-Flow Security Model

Marco Pistoia, Anindya Banerjee, David A. Naumann
2007 2007 IEEE Symposium on Security and Privacy (SP '07)  
Its purpose is to use stack inspection to verify that all the code responsible for a security-sensitive action is sufficiently authorized to perform that action.  ...  Given an access-control policy α, we present a mechanism to extract from it an implicit integrity policy ι, and we prove that IBAC enforces ι.  ...  [44, 43] present an approach called Security Architecture Formerly Known as Stack Inspection (SAFKASI), which uses the calculus of Security-Passing Style (SPS) to enforce a form of access control equivalent  ... 
doi:10.1109/sp.2007.10 dblp:conf/sp/PistoiaBN07 fatcat:6klbjk245ja3nfieq7mxwwdbwe

Control-flow integrity

Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti
2005 Proceedings of the 12th ACM conference on Computer and communications security - CCS '05  
Finally, CFI provides a useful foundation for enforcing further security policies, as we demonstrate with efficient software implementations of a protected shadow call stack and of access control for memory  ...  The enforcement of a basic safety property, Control-Flow Integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior.  ...  Milenko Drinic and Andrew Edwards of the Vulcan team were helpful to our implementation efforts.  ... 
doi:10.1145/1102120.1102165 dblp:conf/ccs/AbadiBEL05 fatcat:5awwm6pzofe4jge4jhbyzy75am

Bringing java's wild native world under control

Mengtao Sun, Gang Tan, Joseph Siefers, Bin Zeng, Greg Morrisett
2013 ACM Transactions on Privacy and Security  
We introduce a security framework that extends Java's security model and brings native code under control.  ...  For performance and for incorporating legacy libraries, many Java applications contain native-code components written in unsafe languages such as C and C++.  ...  ACKNOWLEDGMENTS We thank Mark Seaborn for explaining the NaCl implementation. We thank Martin Hirzel for suggesting the JVMTI approach for native-code sandboxing.  ... 
doi:10.1145/2535505 fatcat:w2hjxwbverdntar5d6wep2djtq

Out of Control: Overcoming Control-Flow Integrity

Enes Goktas, Elias Athanasopoulos, Herbert Bos, Georgios Portokalidis
2014 2014 IEEE Symposium on Security and Privacy  
As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determined attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing.  ...  Specifically, much of the work on practical CFI is applicable to binaries, and improves performance by enforcing a looser notion of control flow integrity.  ...  ACKNOWLEDGEMENT We want to express our thanks to anonymous reviewers for valuable comments. This work was supported by the US Air Force through Contract AFRL-FA8650-10-C-7024.  ... 
doi:10.1109/sp.2014.43 dblp:conf/sp/GoktasABP14 fatcat:sbzbqlisybdplhho52hwf5kare

A systematic approach to static access control

François Pottier, Christian Skalka, Scott Smith
2005 ACM Transactions on Programming Languages and Systems  
The Java Security Architecture includes a dynamic mechanism for enforcing access control checks, the so-called stack inspection process.  ...  While the architecture has several appealing features, access control checks are all implemented via dynamic method calls.  ...  Access control decisions of checkPermission() are made using a stack inspection algorithm.  ... 
doi:10.1145/1057387.1057392 fatcat:gotutwvb2jexjdrnshjlkn72qm

A Systematic Approach to Static Access Control [chapter]

François Pottier, Christian Skalka, Scott Smith
2001 Lecture Notes in Computer Science  
The Java Security Architecture includes a dynamic mechanism for enforcing access control checks, the so-called stack inspection process.  ...  While the architecture has several appealing features, access control checks are all implemented via dynamic method calls.  ...  Access control decisions of checkPermission() are made using a stack inspection algorithm.  ... 
doi:10.1007/3-540-45309-1_3 fatcat:g7xudtkvnbhmroilg6m5wegzzy

Fine-Grained Control-Flow Integrity Through Binary Hardening [chapter]

Mathias Payer, Antonio Barresi, Thomas R. Gross
2015 Lecture Notes in Computer Science  
Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations.  ...  A shadow stack enforces precise integrity for function returns.  ...  This research was supported, in part, by a grant from NSF.  ... 
doi:10.1007/978-3-319-20550-2_8 fatcat:imb2l3voebeqxbwkg4dvwvubjq

Control Jujutsu

Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, Stelios Sidiroglou-Douskos
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
We also evaluate the difficulties of generating a precise CFG using scalable static analysis for real-world applications.  ...  These flexibilities allow an attacker to gain control of the execution while strictly adhering to a fine-grained CFI.  ...  We show that preventing Control Jujutsu by using more precise pointer analysis algorithms is difficult for real-world applications.  ... 
doi:10.1145/2810103.2813646 dblp:conf/ccs/EvansLOSROS15 fatcat:hdc7wwdbgvaklm36xfr7aouhba
« Previous Showing results 1 — 15 out of 11,862 results