A Systematic Approach to Static Access Control [chapter]

François Pottier, Christian Skalka, Scott Smith
2001 Lecture Notes in Computer Science
The Java Security Architecture includes a dynamic mechanism for enforcing access control checks, the so-called stack inspection process. While the architecture has several appealing features, access control checks are all implemented via dynamic method calls. This is a highly non-declarative form of specification which is hard to read, and which leads to additional run-time overhead. This paper develops type systems which can statically guarantee the success of these checks. Our systems allow security properties of programs to be clearly expressed within the types themselves, which thus serve as static declarations of the security policy. We develop these systems using a systematic methodology: we show that the security-passing style translation, proposed by Wallach, Appel and Felten as a dynamic implementation technique, also gives rise to static security-aware type systems, by composition with conventional type systems. To define the latter, we use the general HM(X) framework, and easily construct several constraint- and unification-based type systems.
doi:10.1007/3-540-45309-1_3 fatcat:g7xudtkvnbhmroilg6m5wegzzy