Abstract
This work describes a new technique for analysis of Java 2, Enterprise Edition (J2EE) applications. In such applications, Enterprise Java Beans (EJBs) are commonly used to encapsulate the core computations performed on Web servers. Access to EJBs is protected by application servers, according to role-based access control policies that may be created either at development or deployment time. These policies may prohibit some types of users from accessing specific EJB methods.

We present a static technique for analyzing J2EE access control policies with respect to security-sensitive fields of EJBs and other server-side objects. Our technique uses points-to analysis to determine which object fields are accessed by which EJB methods, directly or indirectly. Based on this information, J2EE access control policies are analyzed to identify potential inconsistencies that may lead to security holes.
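The following sketch is an added example, not code from the paper. It stands in for the points-to analysis with a hand-written call graph and field-access table, and it assumes one reading of "inconsistency": a role that reaches a security-sensitive field through one permitted EJB method while being denied another method that performs the same access. All bean, field and role names are constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the paper): call edges, direct field
# accesses per method, and the roles the deployment descriptor permits.
CALLS = {
    "AccountBean.getBalance": ["AccountData.read"],
    "AccountBean.audit": ["AuditHelper.dump"],
    "AuditHelper.dump": ["AccountData.read"],
    "AccountBean.setLimit": [],
}
DIRECT = {
    "AccountData.read": {("AccountData.balance", "read")},
    "AccountBean.setLimit": {("AccountData.limit", "write")},
}
POLICY = {  # EJB method -> roles allowed to call it
    "AccountBean.getBalance": {"teller", "manager"},
    "AccountBean.audit": {"manager", "clerk"},
    "AccountBean.setLimit": {"manager"},
}
ROLES = {"teller", "manager", "clerk"}
SENSITIVE = {"AccountData.balance", "AccountData.limit"}

def reachable_accesses(method, calls=CALLS, direct=DIRECT):
    """Field accesses a method performs directly or through callees."""
    seen, stack, out = set(), [method], set()
    while stack:
        m = stack.pop()
        if m in seen:          # guards against recursion in the call graph
            continue
        seen.add(m)
        out |= direct.get(m, set())
        stack.extend(calls.get(m, []))
    return out

def inconsistencies(policy=POLICY, roles=ROLES, sensitive=SENSITIVE):
    """Roles granted an access through one EJB method but denied via another."""
    by_access = defaultdict(set)   # (field, mode) -> EJB methods reaching it
    for ejb in policy:
        for acc in reachable_accesses(ejb):
            if acc[0] in sensitive:
                by_access[acc].add(ejb)
    findings = []
    for acc, methods in sorted(by_access.items()):
        for role in sorted(roles):
            allowed = sorted(m for m in methods if role in policy[m])
            denied = sorted(m for m in methods if role not in policy[m])
            if allowed and denied:
                findings.append((role, acc, allowed, denied))
    return findings
```

Each finding is a policy review item: either the denial is redundant or the permitted path exposes the field unintentionally.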