SECURWARE 2018, The Twelfth International Conference on Emerging Security Information, Systems and Technologies


Secure Cooperation of Untrusted Components

Authors:
Roland Wismüller
Damian Ludwig

Keywords: Software-components, security, typesystems

Abstract:
A growing number of computing systems, e.g., smartphones or web applications, allow their software to be composed of components from untrusted sources. For security reasons, such a system should grant a component only the permissions it really requires, which implies that permissions must be sufficiently fine-grained. This leads to two questions: how can the required permissions be determined and specified, and how can access control be enforced in a flexible and efficient way? We suggest a novel approach based on the object capability paradigm with access control at the level of individual methods, which exploits two fundamental ideas: we simply use a component’s published interface as a specification of its required permissions, and we extend interfaces with optional methods, which allow specifying permissions that are not strictly necessary but desired for a better service level. These ideas can be realized within a static type system, where interfaces specify both the availability of methods and the permission to use them. In addition, we support deep attenuation of rights with automatic creation of membranes where necessary. Thus, our access control mechanisms are easy to use and also efficient, since in most cases permissions can be checked when the component is deployed, rather than at run-time.

Pages: 103 to 107

Copyright: Copyright (c) IARIA, 2018

Publication date: September 16, 2018

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-661-3

Location: Venice, Italy

Dates: from September 16, 2018 to September 20, 2018