NDLI: Combining static and dynamic analysis for automatic identification of precise access-control policies (2007)

Please wait, while we are loading the content...

Combining static and dynamic analysis for automatic identification of precise access-control policies (2007)

Content Provider	CiteSeerX
Author	Centonze, Paolina
Description	Given a large component-based program, it may be very complex to identify an optimal access-control policy, allowing the program to execute with no authorization failures and no violations of the Principle of Least Privilege. This paper presents a novel combination of static and dynamic analysis for automatic determination of precise accesscontrol policies for programs that will be executed on Stack-Based Access Control systems, such as Java and the Common Language Runtime (CLR). The static analysis soundly models the execution of the program taking into account native methods, reflection, and multi-threaded code. The dynamic analysis interactively refines the potentially conservative results of the static analysis, with no need for writing or generating test cases or for restarting the system if an authorization failure occurs during testing, and no risk of corrupting the underlying system on which the analysis is performed. We implemented the analysis framework presented by this paper in an analysis tool for Java programs, called Access-Control Explorer (ACE). ACE allows for automatic, safe, and precise identification of access-right requirements and library-code locations that should be made privilegeasserting to prevent client code from requiring unnecessary access rights. This paper presents experimental results obtained on large production-level applications. 1 In Proc. 23rd Annual Computer Security Applications Conference (ACSAC). IEEE
File Format	PDF
Language	English
Publisher Date	2007-01-01
Access Restriction	Open
Subject Keyword	Library-code Location Automatic Determination Unnecessary Access Right Dynamic Analysis Access-control Explorer Analysis Tool Automatic Identification Access-right Requirement Large Production-level Application Precise Access-control Policy Stack-based Access Control System Precise Accesscontrol Policy Precise Identification Large Component-based Program Static Analysis Account Native Method Client Code Least Privilege Optimal Access-control Policy Analysis Framework Common Language Runtime Java Program Novel Combination Conservative Result Test Case Multi-threaded Code Experimental Result Program Taking Authorization Failure
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in