Access Control to Reflection with Object Ownership

Camille Teruel 1 Stéphane Ducasse 1 Damien Cassou 1 Marcus Denker 1
1 RMOD - Analyses and Languages Constructs for Object-Oriented Application Evolution
Inria Lille - Nord Europe, CRIStAL - Centre de Recherche en Informatique, Signal et Automatique de Lille
Abstract : Reflection is a powerful programming language feature that enables language extensions, generic code, dynamic analyses , development tools, etc. However, uncontrolled reflection breaks object encapsulation and considerably increases the attack surface of programs e.g., malicious libraries can use reflection to attack their client applications. To bring reflection and object encapsulation back together, we use dynamic object ownership to design an access control policy to reflective operations. This policy grants objects full reflective power over the objects they own but limited reflective power over other objects. Code is still able to use advanced reflective operations but reflection cannot be used as an attack vector anymore.
Type de document :
Communication dans un congrès
Dynamic Languages Symposium, Oct 2015, USA, France. Proceedings of the 11th Symposium on Dynamic Languages, pp.168-176, Proceedings of the 11th Symposium on Dynamic Languages. <10.1145/2816707.2816721>
Liste complète des métadonnées

https://hal.inria.fr/hal-01217041
Contributeur : Lse Lse <>
Soumis le : dimanche 1 novembre 2015 - 17:15:30
Dernière modification le : lundi 18 janvier 2016 - 15:43:00

Fichier

Teru15b-DLS15-AccessControlWit...
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Camille Teruel, Stéphane Ducasse, Damien Cassou, Marcus Denker. Access Control to Reflection with Object Ownership. Dynamic Languages Symposium, Oct 2015, USA, France. Proceedings of the 11th Symposium on Dynamic Languages, pp.168-176, Proceedings of the 11th Symposium on Dynamic Languages. <10.1145/2816707.2816721>. <hal-01217041>

Partager

Métriques

Consultations de
la notice

174

Téléchargements du document

86