Verifying Resource Access Control on Mobile Interactive Devices

Frédéric Besson 1 Guillaume Dufay 2, 3 Thomas Jensen 1 David Pichardie 1
1 CELTIQUE - Software certification with semantic analysis
IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL, Inria Rennes – Bretagne Atlantique
3 Gamma3 - Automatic mesh generation and advanced methods
Inria Paris-Rocquencourt, UTT - Université de Technologie Troyes
Abstract : A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain number of times. We define a program model based on control flow graphs together with its operational semantics and provide a formal definition of the basic security policy to enforce viz that an application will always ask for a permission before using it to access a resource. A static analysis which enforces the security policy is defined and proved correct. A constraint solving algorithm implementing the analysis is presented.
Type de document :
Article dans une revue
Journal of Computer Security, IOS Press, 2010, 18 (6), pp.971-998
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00537821
Contributeur : David Pichardie <>
Soumis le : vendredi 19 novembre 2010 - 14:32:05
Dernière modification le : jeudi 22 février 2018 - 01:24:36
Document(s) archivé(s) le : vendredi 26 octobre 2012 - 16:02:04

Fichier

jcs.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00537821, version 1

Collections

Citation

Frédéric Besson, Guillaume Dufay, Thomas Jensen, David Pichardie. Verifying Resource Access Control on Mobile Interactive Devices. Journal of Computer Security, IOS Press, 2010, 18 (6), pp.971-998. 〈inria-00537821〉

Partager

Métriques

Consultations de la notice

486

Téléchargements de fichiers

126