ECOOP 2015
Sun 5 - Fri 10 July 2015 Prague, Czech Republic
Wed 8 Jul 2015 17:30 - 18:00 at Bohemia - Analysis I Chair(s): Werner Dietl

Modern software development and runtime environments, such as Java, the Microsoft .NET Common Language Runtime (CLR) and Android, have adopted a declarative form of access control. Permissions are granted to code providers, and during execution, the runtime verifies compatibility between the permissions required by a security-sensitive operation and those granted to the executing code. While convenient, configuring the access-control policy of a program is not easy. If a code component is not granted sufficient permissions, authorization failures may occur. Thus, security administrators tend to define overly permissive policies, which violate the Principle of Least Privilege (PLP).

A considerable body of research has been devoted to building program-analysis tools for computing the optimal policy for a program. However, Java, CLR and Android also allow executing a program’s security-sensitive operations under the authority of a subject (user or service), and no program-analysis solution has addressed the challenges of determining the policy of a program in the presence of subject-executed code.

In response, this paper introduces Subject Access Rights Analysis (SARA), a novel analysis algorithm for statically computing the permissions required by subjects at run time. We have applied SARA to 348 libraries in a commercial enterprise application server written in Java that consists of >2 million lines of code and is required to support the Java permission- and subject-based security model. SARA detected 263 PLP violations, 219 cases of policies with missing permissions, and 29 bugs that led code to be unnecessarily executed under the authority of a subject. SARA corrected all these vulnerabilities automatically, and additionally synthesized fresh and provably correct policies for all the libraries, with 0 false negatives, a false-positive rate of 5%, and an average running time of 103 seconds per library. SARA enabled the application server to receive the Common Criteria for Information Technology Security Evaluation Assurance Level 4 certification.

Wed 8 Jul
Times are displayed in time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

17:30 - 18:30: Research Track - Analysis I at Bohemia
Chair(s): Werner DietlUniversity of Waterloo
research-track17:30 - 18:00
Paolina CentonzeIona College, Marco PistoiaIBM Research, Omer TrippIBM Thomas J. Watson Research Center
research-track18:00 - 18:30
Aleksandar S. DimovskiIT University of Copenhagen, Denmark, Claus BrabrandIT University of Copenhagen, Denmark, Andrzej WąsowskiIT University of Copenhagen, Denmark