An Operational Semantics of Java 2 Access Control
Author
Abstract
Java 2 Security enhanced with the Java Authentication and Authorization Service (JAAS) provides sophisticated access control features via a user-configurable authorization policy. Fine-grained access control, code-based as well as user-based authorization, and implicit access rights allow the implementation of real-world policies, but at the cost of increased complexity. In this paper we provide a formal specification of the Java 2 and JAAS access control model that helps remove ambiguities of the informal definitions. It defines Java 2 access control in terms of an abstract machine, whose behavior is determined by a small set of transition rules. We illustrate the power of Java 2 access control by showing how commonly encountered authorization requirements can be implemented in Java 2.
Similar resources
An Operational Semantics of the Java Card Firewall
This paper presents an operational semantics for a subset of Java Card bytecode, focussing on aspects of the Java Card firewall, method invocation, field access, variable access, shareable objects and contexts. The goal is to provide a precise description of the Java Card firewall using standard tools from operational semantics. Such a description is necessary for formally arguing the correctne...
A Formal Model of Access Control for Mobile Interactive Devices
This paper presents an access control model for programming applications in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java MIDP security architecture used in Java-enabled mobile telephones. We consider access control permissions with multiplicities in order to allow to use a permission a c...
Verifying resource access control on mobile interactive devices
A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain...
Machine Assisted Reasoning for Multi-Threaded Java Bytecode
In this thesis an operational semantics for a subset of the Java Virtual Machine (JVM) is developed and presented. The subset contains standard operations such as control flow, computation, and memory management. In addition, the subset contains a treatment of parallel threads of execution. The operational semantics are embedded into a μ-calculus based proof assistant, called the VeriCode Proof...
Estimating Exception-Induced Control Flow for Java
Exception analyses so far cannot provide information on the propagation of thrown exceptions, which is necessary to construct an interprocedural control flow graph, visualize exception propagation, and slice exception-related parts of programs. In this paper, we propose a set-based analysis, which estimates exception propagation of Java programs. To formalize exception propagation, we first descri...