Access Control to Reflection with Object Ownership

Camille Teruel 1 Stéphane Ducasse 1 Damien Cassou 1 Marcus Denker 1
1 RMOD - Analyses and Languages Constructs for Object-Oriented Application Evolution
Inria Lille - Nord Europe, CRIStAL - Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
Abstract : Reflection is a powerful programming language feature that enables language extensions, generic code, dynamic analyses , development tools, etc. However, uncontrolled reflection breaks object encapsulation and considerably increases the attack surface of programs e.g., malicious libraries can use reflection to attack their client applications. To bring reflection and object encapsulation back together, we use dynamic object ownership to design an access control policy to reflective operations. This policy grants objects full reflective power over the objects they own but limited reflective power over other objects. Code is still able to use advanced reflective operations but reflection cannot be used as an attack vector anymore.
Document type :
Conference papers
Complete list of metadatas

Cited literature [27 references]  Display  Hide  Download

https://hal.inria.fr/hal-01217041
Contributor : Lse Lse <>
Submitted on : Sunday, November 1, 2015 - 5:15:30 PM
Last modification on : Friday, March 22, 2019 - 1:35:57 AM
Long-term archiving on : Thursday, April 27, 2017 - 6:21:09 AM

File

Teru15b-DLS15-AccessControlWit...
Files produced by the author(s)

Identifiers

Collections

Citation

Camille Teruel, Stéphane Ducasse, Damien Cassou, Marcus Denker. Access Control to Reflection with Object Ownership. Dynamic Languages Symposium, Oct 2015, USA, France. pp.168-176, ⟨10.1145/2816707.2816721⟩. ⟨hal-01217041⟩

Share

Metrics

Record views

318

Files downloads

242