Component-based Access Control: Secure Software Composition through Static Analysis

Pierre Parrend (1), Stéphane Frénot (1)
(1) AMAZONES - Ambient Middleware Architectures: Service-Oriented, Networked, Efficient and Secured
CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Grenoble - Rhône-Alpes
Abstract: Extensible Component Platforms support the discovery, installation, starting, and uninstallation of components at runtime. Since they are often targeted at mobile resource-constrained devices, they have both strong performance and security requirements. The current security model for Java systems, Permissions, is based on call stack analysis. It proves to be very time-consuming, which makes it difficult to use in production environments. We therefore define the Component-Based Access Control (CBAC) Security Model, which aims at emulating Java Permissions through static analysis at the installation phase of the components. CBAC is based on a fully declarative approach, which makes it possible to tag arbitrary methods as sensitive. A formal model is defined to guarantee that a given component has sufficient access rights, and that dependencies between components are taken into account. A first implementation of the model is provided for the OSGi Platform, using the ASM library for code analysis. Performance tests show that the cost of CBAC at install time is negligible, because it is executed together with digital signature verification, which is much more costly. Moreover, contrary to Java Permissions, the CBAC security model does not imply any runtime overhead.
Document type:
Conference paper
Software Composition, Mar 2008, Budapest, Hungary. 4954/2008, pp.68-83, 2008, 〈10.1007/978-3-540-78789-1_5〉
Cited literature: 18 references

https://hal.inria.fr/inria-00270942
Contributor: Stéphane Frénot
Submitted on: Monday, 7 April 2008 - 22:46:50
Last modified on: Wednesday, 11 April 2018 - 01:54:49
Document(s) archived on: Thursday, 20 May 2010 - 23:03:27

File

parrend08cbac.pdf
Publisher files allowed on an open archive

Citation

Pierre Parrend, Stéphane Frénot. Component-based Access Control: Secure Software Composition through Static Analysis. Software Composition, Mar 2008, Budapest, Hungary. 4954/2008, pp.68-83, 2008, 〈10.1007/978-3-540-78789-1_5〉. 〈inria-00270942〉

Metrics

Record views: 269

File downloads: 274