Stack-based access control and secure information flow

Anindya Banerjee, David A. Naumann

Research output: Contribution to journalArticlepeer-review

104 Scopus citations

Abstract

Access control mechanisms are often used with the intent of enforcing confidentiality and integrity policies, but few rigorous connections have been made between information flow and runtime access control. The Java virtual machine and the .NET runtime system provide a dynamic access control mechanism in which permissions are granted to program units and a runtime mechanism checks permissions of code in the calling chain. We investigate a design pattern by which this mechanism can be used to achieve confidentiality and integrity goals: a single interface serves callers of more than one security level and dynamic access control prevents release of high information to low callers. Programs fitting this pattern would be rejected by previous flow analyses. We give a static analysis that admits them, using permission-dependent security types. The analysis is given for a class-based object-oriented language with features including inheritance, dynamic binding, dynamically allocated mutable objects, type casts and recursive types. The analysis is shown to ensure a noninterference property formalizing confidentiality and integrity.

Original languageEnglish
Pages (from-to)131-177
Number of pages47
JournalJournal of Functional Programming
Volume15
Issue number2
DOIs
StatePublished - Mar 2005

Fingerprint

Dive into the research topics of 'Stack-based access control and secure information flow'. Together they form a unique fingerprint.

Cite this