Generating Stack-based Access Control Policies
Xin Li, Hua Vy Le Thanh

TL;DR
This paper introduces a systematic, static analysis-based method for automatically generating Java access control policies that ensure programs pass stack inspection, reducing manual effort and increasing security accuracy.
Contribution
It presents a novel abstract interpretation approach combining call and dependency graphs for precise permission inference at stack inspection points.
Findings
Accurately identifies permission requirements at stack inspection points.
Automates policy generation, reducing manual effort.
Ensures generated policies allow programs to pass stack inspection.
Abstract
The stack-based access control mechanism plays a fundamental role in the security architecture of Java and Microsoft CLR (common language runtime). It is enforced at runtime by inspecting methods in the current call stack for granted permissions before the program performs safety-critical operations. Although stack inspection is well studied, there is relatively little work on automated generation of access control policies, and most existing work on inferring security policies assumes the permissions to be checked at stack inspection points are known beforehand. Practiced approaches to generating access control policies are still manually done by developers based on domain-specific knowledge and trial-and-error testing. In this paper, we present a systematic approach to automated generation of access control policies for Java programs that necessarily ensure the program to pass stack…
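A simplified model of the idea in the abstract, added here as an illustration and not the paper's algorithm or code: it enumerates call stacks over a constructed call graph, collects the permission checked at each stack inspection point, and grants it to every protection domain on the inspected stack. The method names, the class-as-domain mapping, and the `PRIVILEGED` set (modelling Java's `AccessController.doPrivileged`, which the abstract does not mention) are assumptions.

```python
# Constructed toy program: method -> callees (call graph). All names are hypothetical.
CALLS = {
    "App.main": ["Plugin.run", "Lib.loadConfig"],
    "Plugin.run": ["Lib.readFile"],
    "Lib.loadConfig": ["Lib.readFile", "Lib.openSocket"],
    "Lib.readFile": [],
    "Lib.openSocket": [],
}
# Stack inspection points: method -> permission it checks before acting.
CHECKS = {"Lib.readFile": "FilePermission:read",
          "Lib.openSocket": "SocketPermission:connect"}
# Methods acting like doPrivileged callers: the stack walk stops at their frame.
PRIVILEGED = {"Lib.loadConfig"}

def domain(method):
    """Protection domain of a method; assumed here to be its class name."""
    return method.split(".")[0]

def stacks(entry):
    """Yield every (inspected frames, permission) pair reachable from entry.
    Assumes an acyclic call graph; recursion would need a fixpoint instead."""
    def walk(method, frames):
        # A privileged frame hides its callers from the inspection.
        frames = ([] if method in PRIVILEGED else frames) + [method]
        if method in CHECKS:
            yield frames, CHECKS[method]
        for callee in CALLS[method]:
            yield from walk(callee, frames)
    yield from walk(entry, [])

def generate_policy(entry):
    """Grant each domain exactly the permissions checked while it is inspected."""
    policy = {}
    for frames, perm in stacks(entry):
        for m in frames:
            policy.setdefault(domain(m), set()).add(perm)
    return policy

def passes_inspection(entry, policy):
    """Simulate stack inspection: every inspected frame must hold the permission."""
    return all(perm in policy.get(domain(m), set())
               for frames, perm in stacks(entry) for m in frames)

if __name__ == "__main__":
    for dom, perms in sorted(generate_policy("App.main").items()):
        print(dom, sorted(perms))
```

Because `Lib.loadConfig` is privileged, `App` is not granted the socket permission, while the unprivileged path through `Plugin.run` forces both `App` and `Plugin` to hold the file permission.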
Taxonomy
Topics: Security and Verification in Computing · Software Engineering Research · Access Control and Trust
