Skip to Main content Skip to Navigation
Conference papers

Component-based Access Control: Secure Software Composition through Static Analysis

Pierre Parrend 1 Stéphane Frénot 1 
1 AMAZONES - Ambient Middleware Architectures: Service-Oriented, Networked, Efficient and Secured
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Extensible Component Platforms support the discovery, in- stallation, starting, uninstallation of components at runtime. Since they are often targeted at mobile resource-constraint devices, they have both strong performance and security requirements. The current security model for Java systems, Permissions, are based on call stack analysis. They proves to be very time-consuming, which makes them difficult to use in production environments. We therefore define the Component-Based Access Control (CBAC) Se- curity Model, which aims at emulating Java Permissions through static analysis at the installation phase of the components. CBAC is based on a fully declarative approach, that makes it possible to tag arbitrary meth- ods as sensitive. A formal model is defined to guarantee that a given component have sufficient access rights, and that dependencies between components are taken into account. A first implementation of the model is provided for the OSGi Platform, using the ASM library for code anal- ysis. Performance tests show that the cost of CBAC at install time is negligible, because it is executed together with digital signature which is much more costly. Moreover, contrary to Java Permissions, the CBAC security model does not imply any runtime overhead.
Document type :
Conference papers
Complete list of metadata

Cited literature [18 references]  Display  Hide  Download
Contributor : Stéphane Frénot Connect in order to contact the contributor
Submitted on : Monday, April 7, 2008 - 10:46:50 PM
Last modification on : Friday, February 4, 2022 - 3:12:19 AM
Long-term archiving on: : Thursday, May 20, 2010 - 11:03:27 PM


Publisher files allowed on an open archive




Pierre Parrend, Stéphane Frénot. Component-based Access Control: Secure Software Composition through Static Analysis. Software Composition, Mar 2008, Budapest, Hungary. pp.68-83, ⟨10.1007/978-3-540-78789-1_5⟩. ⟨inria-00270942⟩



Record views


Files downloads