MQP:Paper Outline
From JimboWiki
- Introduction
- Problem Description
- Introduction to Java Security
- Challenges in using Java Security
- Other approaches to security?
- Methods
- Static Analysis
- Goals
- Algorithm
- Koved's algorithm for Java 1.2
- Extensions and refinements
- Threads
- doPrivileged
- Basic Data Flow Analysis
- Implementation
- Soot
- Call graph generation
- Type analysis
- Data flow analysis
- Analysis Class Structure
- Limitations of static analysis data
- Action Centric Model
- Goals
- Design
- Resources
- Groups of actions
- Actions
- Action Definitions
- Filled Actions
- Rules
- Rule Definitions
- Filled Rules
- Rules and permissions
- Action to rule translation
- Implementation
- Action Model Class Structure
- XML Specification of Definitions
- NetBeans Tool
- Results
- Static Analysis
- Successes
- Permission information
- Summary of permission requirements
- Limitations
- Call graph generation
- Runtime type identification
- Runtime parameter identification
- Action Centric Model
- Successes
- Representation of high-level model
- Independence from security implementation?
- Ease of development
- Extensions
- Model
- Parameterized Resources
- Actions Containing Actions
- Tool
- Integration with Static Analysis
- Use for application deployment
- Creation of real policy files
- Storage of policies
- User interface improvement
- Conclusions
- Helpfulness of identifying permissions
- Low-level view of security
- Specificity of results
- Utility of Action Centric security model
- High-level model
- Separation of model and security implementation