
Static use-based object confinement

  • Regular contribution
International Journal of Information Security

Abstract

The confinement of object references is a significant security concern for modern programming languages. We define a language that serves as a uniform model for a variety of confined object reference systems. We adopt a use-based approach to confinement, which we argue is more expressive than previous communication-based approaches. We then develop a readable, expressive type system for static analysis of the language, along with a type safety result demonstrating that run-time checks can be eliminated. The language and type system thus serve as a reliable, declarative, and efficient foundation for secure capability-based programming and object confinement.
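The distinction the abstract draws between communication-based and use-based confinement can be seen in a small dynamic model. The following is an added illustration for this page, not the language or type system from the paper: communication-based confinement checks who may hold a reference and grants every operation to any holder, while use-based confinement lets the reference flow and checks each operation against the caller's domain. The resource, the domain names ("owner", "audit", "untrusted") and the policies are constructed for the example. The paper's contribution is that a type system can make checks of this kind static; here they are run-time checks so the difference in what each approach can express is visible when the code runs.

```python
"""Communication-based vs use-based confinement, enforced dynamically.

Added illustration; not the calculus from the paper. Domains, methods and
policies are constructed. The paper eliminates these checks statically;
they are run-time checks here only so the difference can be observed.
"""
from __future__ import annotations
from dataclasses import dataclass


class ConfinementError(Exception):
    """Raised when a domain exceeds its authority over a reference."""


class Resource:
    """Constructed target object: something worth protecting."""

    def __init__(self) -> None:
        self.log: list[str] = []

    def read(self) -> str:
        return "data"

    def write(self, item: str) -> int:
        self.log.append(item)
        return len(self.log)


@dataclass(frozen=True)
class CommConfined:
    """Communication-based: the check is on WHO may hold the reference."""
    target: Resource
    allowed_holders: frozenset[str]
    holder: str

    def send_to(self, domain: str) -> CommConfined:
        if domain not in self.allowed_holders:
            raise ConfinementError(f"{domain!r} may not receive the reference")
        return CommConfined(self.target, self.allowed_holders, domain)

    def use(self, method: str, *args: str):
        # No check here: possession implies full authority over the object.
        return getattr(self.target, method)(*args)


@dataclass(frozen=True)
class UseConfined:
    """Use-based: the check is on WHICH operations a holder may invoke."""
    target: Resource
    allowed_uses: dict[str, frozenset[str]]  # method name -> permitted callers
    holder: str

    def send_to(self, domain: str) -> UseConfined:
        # The reference itself may flow to any domain.
        return UseConfined(self.target, self.allowed_uses, domain)

    def use(self, method: str, *args: str):
        if self.holder not in self.allowed_uses.get(method, frozenset()):
            raise ConfinementError(f"{self.holder!r} may not call {method}()")
        return getattr(self.target, method)(*args)


def run_communication_based() -> dict[str, bool]:
    """Wanted policy: 'audit' may read the resource but never write it.

    Communication-based confinement has one knob, the holder set, so the
    owner must either exclude audit entirely or grant it every operation.
    """
    res = Resource()
    ref = CommConfined(res, frozenset({"owner", "audit"}), "owner")
    audit_ref = ref.send_to("audit")          # transfer allowed
    audit_ref.use("read")
    audit_ref.use("write", "tampered")        # also allowed: an over-grant
    try:
        ref.send_to("untrusted")
        untrusted_received = True
    except ConfinementError:
        untrusted_received = False
    return {"audit_wrote": "tampered" in res.log,
            "untrusted_received": untrusted_received}


def run_use_based() -> dict[str, bool]:
    """Same wanted policy, expressed per operation instead of per holder."""
    res = Resource()
    policy = {"read": frozenset({"owner", "audit"}),
              "write": frozenset({"owner"})}
    ref = UseConfined(res, policy, "owner")
    audit_ref = ref.send_to("audit")
    audit_read = audit_ref.use("read") == "data"
    try:
        audit_ref.use("write", "tampered")
        audit_write_blocked = False
    except ConfinementError:
        audit_write_blocked = True
    untrusted_ref = ref.send_to("untrusted")  # flow is unrestricted...
    try:
        untrusted_ref.use("read")             # ...but no use is authorised
        untrusted_read_blocked = False
    except ConfinementError:
        untrusted_read_blocked = True
    return {"audit_read": audit_read,
            "audit_write_blocked": audit_write_blocked,
            "untrusted_read_blocked": untrusted_read_blocked,
            "log_untouched": res.log == []}
```

Running `run_communication_based()` shows the over-grant: once "audit" is allowed to hold the reference it can also write, and the only way to prevent that is to deny it the reference altogether. `run_use_based()` expresses the intended read-only grant directly and leaves the resource untouched, which is the expressiveness gap the abstract refers to; the paper's type system is what lets the per-use checks be discharged at compile time rather than at each call.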




Corresponding author

Correspondence to Christian Skalka.

Cite this article

Skalka, C., Smith, S. Static use-based object confinement. IJIS 4, 87–104 (2005). https://doi.org/10.1007/s10207-004-0049-5
