SAFKASI: A security mechanism for language-based systems

Dan S. Wallach, Andrew W. Appel, Edward W. Felten

Research output: Contribution to journal › Article › peer-review

95 Scopus citations

Abstract

In order to run untrusted code in the same process as trusted code, there must be a mechanism to allow dangerous calls to determine if their caller is authorized to exercise the privilege of using the dangerous routine. Java systems have adopted a technique called stack inspection to address this concern. But its original definition, in terms of searching stack frames, had an unclear relationship to the actual achievement of security, overconstrained the implementation of a Java system, limited many desirable optimizations such as method inlining and tail recursion, and generally interfered with interprocedural optimization. We present a new semantics for stack inspection based on a belief logic and its implementation using the calculus of security-passing style which addresses the concerns of traditional stack inspection. With security-passing style, we can efficiently represent the security context for any method activation, and we can build a new implementation strictly by rewriting the Java bytecodes before they are loaded by the system. No changes to the JVM or bytecode semantics are necessary. With a combination of static analysis and runtime optimizations, our prototype implementation shows reasonable performance (although traditional stack inspection is still faster), and is easier to consider for languages beyond Java. We call our system SAFKASI (the Security Architecture Formerly Known as Stack Inspection).
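As an added illustration that is not code from the paper, the following Python model contrasts the two semantics the abstract describes: the classic stack walk and a security-passing-style (SPS) context threaded explicitly through each call. The policy table PERMS, the principal names and the privilege names are constructed, and the SPS rules are a simplified reading of the abstract, not the paper's belief-logic calculus.

```python
"""Model of Java stack inspection next to security-passing style (SPS)."""
from dataclasses import dataclass, field

# Constructed example policy: which privileges each principal is authorized for.
PERMS = {"system": {"FILE_READ", "NET"}, "applet": set()}

@dataclass
class Frame:
    principal: str
    enabled: set = field(default_factory=set)  # privileges this frame enabled

def check_by_stack_inspection(stack, target):
    """Classic semantics: walk frames newest-first (stack[-1] is the top)."""
    for frame in reversed(stack):
        if target not in PERMS[frame.principal]:
            return False          # an unauthorized caller is on the stack: deny
        if target in frame.enabled:
            return True           # an authorized frame explicitly enabled it: grant
    return False                  # bottom reached without any enable: deny

# SPS: the security context is an explicit set of currently-OK privileges,
# passed along with every call instead of being recovered from the stack.
def sps_call(ctx, principal):
    """Entering code owned by `principal` keeps only privileges it is authorized for."""
    return ctx & PERMS[principal]

def sps_enable(ctx, principal, priv):
    """enablePrivilege: adds priv only if the enabling principal is authorized for it."""
    return ctx | ({priv} if priv in PERMS[principal] else set())

def sps_check(ctx, target):
    return target in ctx

def run_scenario(calls, target):
    """calls: list of (principal, enabled_privileges) from bottom to top of the stack.
    Returns (stack_inspection_result, sps_result); the two should always agree."""
    stack = [Frame(p, set(e)) for p, e in calls]
    ctx = set()
    for p, enabled in calls:
        ctx = sps_call(ctx, p)
        for priv in enabled:
            ctx = sps_enable(ctx, p, priv)
    return check_by_stack_inspection(stack, target), sps_check(ctx, target)

if __name__ == "__main__":
    # Constructed scenarios: trusted code enabling on top of an applet frame,
    # and an applet calling after a trusted enable (the classic confused-deputy case).
    print(run_scenario([("applet", set()), ("system", {"FILE_READ"})], "FILE_READ"))
    print(run_scenario([("system", {"FILE_READ"}), ("applet", set())], "FILE_READ"))
```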

Original language: English (US)
Pages (from-to): 341-378
Number of pages: 38
Journal: ACM Transactions on Software Engineering and Methodology
Volume: 9
Issue number: 4
DOIs
State: Published - Oct 2000

All Science Journal Classification (ASJC) codes

  • Software

Keywords

  • D.1.5 [Programming Techniques]: Object-oriented Programming
  • D.2.0 [Software Engineering]: General - Protection mechanisms
  • D.3.2 [Programming Languages]: Language Classifications - Object-oriented languages
