http://dx.doi.org/10.3745/KIPSTA.2006.13A.5.399

A Visualization System for Permission Check in Java using Static Analysis  

Kim, Yun-Kyung (Department of Computer Science, Sookmyung Women's University)
Chang, Byeong-Mo (Department of Computer Science, Sookmyung Women's University)
Abstract
In Java 2, to enforce the security policy of a program, the programmer writes the permission sets required by the code in the policy file, sets the Security Manager on the system, and executes the program. Whenever code tries to access a critical resource, the Security Manager then checks by stack inspection whether the access request should be granted or denied. In this paper, we develop a visualization tool that helps programmers enforce security policy effectively in their programs. The system is based on a static permission check analysis, which analyzes the permission checks that must succeed or fail at each method. Using this analysis information, the programmer can examine visually how permission checks and their stack inspection are performed. By modifying the program or policy file if necessary and examining the analysis information repeatedly, the programmer can enforce the security policy correctly.
Keywords
Java; Stack Inspection; Security; Policy File; Static Analysis;