Skip to Main content Skip to Navigation
Journal articles

Verifying Resource Access Control on Mobile Interactive Devices

Frédéric Besson 1 Guillaume Dufaye 2, 3, 4 Thomas Jensen 1 David Pichardie 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
3 Gamma3 - Automatic mesh generation and advanced methods
Inria Paris-Rocquencourt, ICD - Institut Charles Delaunay
Abstract : A model of resource access control is presented in which the access control to resources can employ user interaction to obtain the necessary permissions. This model is inspired by and improves on the Java security architecture used in Java-enabled mobile telephones. We extend the Java model to include access control permissions with multiplicities in order to allow to use a permission a certain number of times. We define a program model based on control flow graphs together with its operational semantics and provide a formal definition of the basic security policy to enforce viz that an application will always ask for a permission before using it to access a resource. A static analysis which enforces the security policy is defined and proved correct. A constraint solving algorithm implementing the analysis is presented.
Document type :
Journal articles
Complete list of metadatas

Cited literature [20 references]  Display  Hide  Download

https://hal.inria.fr/inria-00537821
Contributor : David Pichardie <>
Submitted on : Friday, November 19, 2010 - 2:32:05 PM
Last modification on : Thursday, January 7, 2021 - 4:20:04 PM
Long-term archiving on: : Friday, October 26, 2012 - 4:02:04 PM

File

jcs.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : inria-00537821, version 1

Citation

Frédéric Besson, Guillaume Dufaye, Thomas Jensen, David Pichardie. Verifying Resource Access Control on Mobile Interactive Devices. Journal of Computer Security, IOS Press, 2010, 18 (6), pp.971-998. ⟨inria-00537821⟩

Share

Metrics

Record views

788

Files downloads

299