JAIST Repository >
b. 情報科学研究科・情報科学系 >
b30. リサーチレポート >
Research Report - School of Information Science : ISSN 0918-7553 >
IS-RR-2012 >

このアイテムの引用には次の識別子を使用してください: http://hdl.handle.net/10119/10721

タイトル: A Formal Framework for Access Rights Analysis
著者: Li, Xin
Hua, Vy Le Thanh
発行日: 2012-09-11
出版者: 北陸先端科学技術大学院大学情報科学研究科
誌名: Research report (School of Information Science, Japan Advanced Institute of Science and Technology)
巻: IS-RR-2012-001
開始ページ: 1
終了ページ: 17
抄録: A stack-based access control mechanism is to prevent untrusted codes from accessing protected resources in distributed application systems, such as Java-centric web applications and Microsoft .NET framework. Such an access control mechanism is enforced at runtime by stack inspection that inspects methods in the current call stack for granted permissions. Nowadays practiced approaches to generating policy files for an application are still manually done by developers based on domain-specific knowledges and testing, due to overwhelming technical challenges involved and engineering efforts in the automation. This paper presents a formal framework of access rights analysis for Java applications, which includes both policy generation and checking. The analysis of policy generation automatically generates access control policies for the given program that necessarily ensure the program to pass stack inspections. The analysis of policy checking takes as input a policy file and determines whether access control in the concerned domain always succeed or may fail. The answer can either help detect redundant inspection points or refine the given policies. All of our analysis algorithms are novelly designed in the framework of conditional weighted pushdown systems, and are expected to achieve a high level of precision in the literature.
URI: http://hdl.handle.net/10119/10721
資料タイプ: publisher
出現コレクション:IS-RR-2012

このアイテムのファイル:

ファイル 記述 サイズ形式
IS-RR-2012-001.pdf187KbAdobe PDF見る/開く

当システムに保管されているアイテムはすべて著作権により保護されています。

 


お問い合わせ先 : 北陸先端科学技術大学院大学 研究推進課図書館情報係