RZO Web Page - networks and Co

Bienvenue sur la page RZO

Ressources de Jean et Pierre Parrend en informatique, telecoms et reseaux


Home

Pierre

Enseignement

Publications

Developpement

Jean

Ressources techniques

A Lire

Contact

Home-Pierre-Jean-Enseignement-Ressources techniques-Contact
Recherche-Publications-CV-Master

Component-based Access Control: Secure Software Composition through Static Analysis

Pierre Parrend and Stephane Frenot

7th International Symposium on Software Composition, 29-30 March 2008, Budapest, Hungary

Abstract : Extensible Component Platforms support the discovery, in- stallation, starting, uninstallation of components at runtime. Since they are often targeted at mobile resource-constraint devices, they have both strong performance and security requirements. The current security model for Java systems, Permissions, are based on call stack analysis. They proves to be very time-consuming, which makes them difficult to use in production environments. We therefore define the Component-Based Access Control (CBAC) Se- curity Model, which aims at emulating Java Permissions through static analysis at the installation phase of the components. CBAC is based on a fully declarative approach, that makes it possible to tag arbitrary meth- ods as sensitive. A formal model is defined to guarantee that a given component have sufficient access rights, and that dependencies between components are taken into account. A first implementation of the model is provided for the OSGi Platform, using the ASM library for code anal- ysis. Performance tests show that the cost of CBAC at install time is negligible, because it is executed together with digital signature which is much more costly. Moreover, contrary to Java Permissions, the CBAC security model does not imply any runtime overhead.

Keywords :Software Security, Component Middleware, Static Analysis, OSGi Platform

Appendix :pdf file

@INPROCEEDINGS{parrend08cbac,
author = {Pierre Parrend and Stephane Frenot},
title = {Component-based Access Control: Secure Software Composition through Static Analysis},
booktitle = {7th International Symposium on Software Composition},
year = {2008},
editor = {Springer},
volume = {4954/2008},
series = {LNCS},
pages = {68-83},
address = {Budapest},
month = {March},
url = {http://www.springerlink.com/content/k282223p57n56273/}
}

Go to the English version

Home-Pierre-Jean-Enseignement-Ressources techniques-Contact

Last update : 22 April 2008 - contact the webmaster