Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004.
We present a new static analysis to help identify security defects in class libraries for runtimes, such as JVMs or the CLR, that rely on stack inspection for access control. Our tool inputs a set of class libraries plus a description of the permissions granted to unknown, potentially hostile code. It constructs a permission-sensitive call graph, which can be queried to identify potential defects. We describe the tool architecture, various examples of security queries, and a practical
doi:10.1109/csfw.2004.1310732 fatcat:5q5rbkmklrekpptfh3f275faai