Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 1 of 1
Full-Text Articles in Computer Engineering
Access Control Contracts For Java Program Modules, Carlos E. Rubio-Medrano, Yoonsik Cheon
Access Control Contracts For Java Program Modules, Carlos E. Rubio-Medrano, Yoonsik Cheon
Departmental Technical Reports (CS)
Application-level security has become an issue in recent years; for example, errors, discrepancies and omissions in the specification of access control constraints of security-sensitive software components are recognized as an important source for security vulnerabilities. We propose to formally specify access control assumptions or constraints of a program module and enforce them at run-time. We call such specifications access control contracts. To realize access control contracts, we extended the JML language, a formal interface specification language for Java, and developed a prototype support tool that translates access control contracts to runtime checks. The access control contract reduces the vulnerability that …