A formal approach to specifying access control security features of Java modules
Computer security has become a crucial issue in recent years. More than ever, computer scientists, developers and clients are concerned about the vulnerabilities and risks caused by failures or omissions made at almost every stage of the software development process. More specifically, improper access to sensitive resources by malicious code has been recognized as an important source of failures, information loss and denial of service, among others. In practice, software designers and developers are responsible for specifying which sensitive resources within a system are to be protected from misuse by imposing access constraints on them. This work proposes a mechanism to produce such constraints by making use of formal specifications for software modules, concretely, Java modules. The behavior of a Java module, such as a class or a method, can be specified formally so that specialized tools can use the specification to reason about the correctness of the implementation with respect to it. We propose to extend a behavioral interface specification language, the Java Modeling Language (JML), so that access control constraints can be specified along with behavioral descriptions, relating the expected behavior of a module to the constraints imposed on sensitive resources such as database files, network ports and memory space. We present two different extensions: first, the Permission-based approach, which makes use of the features of the Java security architecture; next, the Visibility-based approach, which restricts the visibility of a JML-annotated module so that only certain clients may call it, depending on its class or interface signature or method name.
To support our approach, we present the overall design and implementation issues of a prototype tool that generates runtime assertion checking (RAC) code based on a subset of JML and our proposed extensions. We also present the results of evaluating our approach by means of a set of case studies. We discuss the lessons learned during the process, which show that our approach is suitable for specifying the behavior of a Java module with respect to access control constraints. We also mention the limitations we have detected in our approach. We conclude by relating our proposal to existing approaches and discussing topics for future work.
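As an added illustration, not code from the thesis or its prototype, the following Java sketch shows what runtime assertion checking code generated from the two kinds of constraints could look like. The JML-style clauses `access_permission` and `access_visible`, the class names and the log path are invented for the example; the checks use `java.security.AccessController` (the Java security architecture API of that era, deprecated in recent JDKs) and `java.lang.StackWalker` (Java 9+).

```java
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.util.Set;

// Hypothetical clauses (not real JML syntax; invented for illustration):
//   //@ access_permission new java.io.FilePermission(LOG_PATH, "write");
//   //@ access_visible { com.example.AuditService, com.example.Auditor.record };
// The two check methods below stand in for the RAC code such clauses would generate.
public class AuditLog {
    private static final String LOG_PATH = "/var/log/app/audit.log"; // constructed sample path

    // Permission-based approach: ask the Java security architecture whether
    // every protection domain on the current call stack holds the permission.
    static void checkPermissionSpec() {
        Permission p = new FilePermission(LOG_PATH, "write");
        try {
            AccessController.checkPermission(p); // consults the installed security policy
        } catch (AccessControlException e) {
            throw new AssertionError("access_permission violated: " + p, e);
        }
    }

    // Visibility-based approach: allowed callers, by class name or by class#method
    // (constructed example values).
    private static final Set<String> ALLOWED_CALLERS =
        Set.of("com.example.AuditService", "com.example.Auditor#record");

    static void checkVisibilitySpec() {
        // Frame 0 is this method, frame 1 is the specified method, frame 2 is its caller.
        StackWalker.StackFrame caller = StackWalker.getInstance()
            .walk(frames -> frames.skip(2).findFirst())
            .orElseThrow(() -> new AssertionError("no caller frame found"));
        String byClass = caller.getClassName();
        String byMethod = byClass + "#" + caller.getMethodName();
        if (!ALLOWED_CALLERS.contains(byClass) && !ALLOWED_CALLERS.contains(byMethod)) {
            throw new AssertionError("access_visible violated: caller " + byMethod);
        }
    }

    // The specified module: the generated checks run as preconditions, before the
    // original body, so a violation is reported as an assertion failure.
    public static void append(String entry) {
        checkPermissionSpec();
        checkVisibilitySpec();
        // original method body would write 'entry' to LOG_PATH here
    }
}
```

The permission check only has teeth when a security policy granting (or withholding) the `FilePermission` is in effect; the visibility check is independent of the policy and relies solely on the caller's class and method name.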
Rubio Medrano, Carlos Ernesto, "A formal approach to specifying access control security features of Java modules" (2008). ETD Collection for University of Texas, El Paso. AAI1453825.