Sciweavers

SP
1998
IEEE

Understanding Java Stack Inspection

14 years 3 months ago
Understanding Java Stack Inspection
Current implementations of Java make security decisions by searching the runtime call stack. These systems have attractive security properties, but they have been criticized as being dependent on specific artifacts of the Java implementation. This paper models the stack inspection algorithm in terms of a well-understood logic for access control and demonstrates how stack inspection is a useful tool for expressing and managing complex trust relationships. We show that an access control decision based on stack inspection corresponds to the construction of a proof in the logic, and we present an efficient decision procedure for generating these proofs. By examining the decision procedure, we demonstrate that many statements in the logic are equivalent and can thus be expressed in a simpler form. We show that there are a finite number of such statements, allowing us to represent the security state of the system as a pushdown automaton. We also show that this automaton may be embedded in J...
Dan S. Wallach, Edward W. Felten
Added 05 Aug 2010
Updated 05 Aug 2010
Type Conference
Year 1998
Where SP
Authors Dan S. Wallach, Edward W. Felten
Comments (0)