A Full Automatic Detection Method for Security Policy of JVM Run-Time Library

WU Rong-hui; WANG Ning; SUN Jian-hua; CHEN Hao; CHEN Zhi-wen

doi:10.3969/j.issn.0372-2112.2013.01.028

您当前的位置：

首页 >

文章列表页 >

A Full Automatic Detection Method for Security Policy of JVM Run-Time Library

更新时间：2025-07-16

- A Full Automatic Detection Method for Security Policy of JVM Run-Time Library
- Acta Electronica Sinica Vol. 41, Issue 1, Pages: 161-165(2013)
- 作者机构：
  
  湖南大学信息科学与工程学院,湖南,长沙,410082
- 作者简介：
- 基金信息：
  
  National Natural Science Foundation of China (No.60803130, No.61173166);Plan for the growth of young teachers of Hunan University
- DOI：10.3969/j.issn.0372-2112.2013.01.028
  CLC： TN309
- Published：2013
- 稿件说明：
移动端阅览
WU Rong-hui, WANG Ning, SUN Jian-hua, et al. A Full Automatic Detection Method for Security Policy of JVM Run-Time Library[J]. Acta Electronica Sinica, 2013, 41(1): 161-165.
DOI：

WU Rong-hui, WANG Ning, SUN Jian-hua, et al. A Full Automatic Detection Method for Security Policy of JVM Run-Time Library[J]. Acta Electronica Sinica, 2013, 41(1): 161-165. DOI： 10.3969/j.issn.0372-2112.2013.01.028.

摘要

JVM运行时库通过调用自身库函数的安全管理器类能够实现多种安全策略

其中非常重要的一条安全策略是保证程序在执行敏感操作之前必须进行相应的访问控制权限检查.传统上依赖于人工分析来确保JVM运行时库满足该安全策略

由于Java标准类库涵盖上千个类

上万个方法

且处于快速发展和演化过程中

人工分析费时费力

容易出错.本文提出一种全自动、高效、快速的模型检测方法评估JVM是否遵守这一安全策略

扫描Java标准类库字节码文件

将类的成员方法生成控制流图

通过定义检验模型

结合污点分析计算出方法摘要

自动检测出风险方法.

Abstract

JVM run-time library can implement various security policies by calling the library functions of its own

one of the extremely important security policy requires that sensitive operations must be performed after access control permissions checks.Traditionally it relies manual analysis to ensure that the JVM run-time library satisfy this security policy.Java standard library

covering thousands of classes

tens of thousands of methods

is in rapid development and high-rate evolution.It is time-consuming and error-prone to analyze the security policy artificially.This paper presents a full automatic

efficient and rapid model detection method for evaluating that whether the JVM in compliance with this security policy.Scanning the byte code files of Java standard class library

generating control flow graph of the member methods

our method can work out method summary by taint analysis after defining detecting model and automatically detect the risky methods.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Research Progress on Attribute-Based Access Control

Performance Oriented Allocation Scheme for Scratch-Pad Memory

A Framework for Implementing Dynamically Modified Least Privilege Security Policy

Security Policies Study for Information Systems

Hybrid Instruction Prefetch Based on Control Flow

Related Author

FONT

ZHANG Li-chen

FU Hong

WANG Xiao-ming

Verdana

FONT face

YANG Jun

PU Han-lai

Related Institution

School of Computer Science and Technology, Shaanxi Normal University

National ASIC System Engineering Technology Research Center, Southeast University

Institute of SoftwareChinese Academy of SciencesBeijing 100080China

School of Software and MicroelectronicsPeking UniversityBeijing 102600China

Institute of Software,Chinese Academy of Sciences

⁰