Publication
SACMAT 2006
Conference paper

Data-centric security: Role analysis and role typestates

Abstract

In J2EE and .NET roles are assigned to methods using external configuration files, called the deployment descriptors. Assigning roles to methods, although conceptually simple, in practice it is quite complicated. For instance, in order for a deployer to assign a role r to a method m, the deployer must understand the set of roles R that are assigned to each method n that can be invoked directly or indirectly from m, and that r has to be "consistently" assigned with respect R. Understanding such role consistency is a non-trivial task. Also, in J2EE roles are defined with respect to method access and not data access. Therefore, in order to protect sensitive data, one has to encode data access control using method access control. This can lead to interesting and subtle access control problems when accessing sensitive data, including information leakage through data flow from one method to another. In this paper we focus on data-centric security by presenting two concepts: Role Analysis: We present a simple interprocedural static analysis for detecting security problems when objects are accessed by multiple methods that do not have compatible or consistent assignment of roles. We then introduce the notion of an object "escaping" a role and present a simple interprocedural static analysis for computing the set of objects that may escape a role. Consistency-Based Security and Role Typestates: We extend J2EE method-based role assignment to consistency-based role assignment. In this paper we will focus on assigning roles to typestates rather than methods. Copyright 2006 ACM.

Date

Publication

SACMAT 2006

Authors

Topics

Share