Show simple item record

dc.contributor.authorHasu, Teroeng
dc.contributor.authorBagge, Anya Heleneeng
dc.contributor.authorHaveraaen, Magneeng
dc.date.accessioned2014-12-11T14:00:54Z
dc.date.available2014-12-11T14:00:54Z
dc.date.issued2013eng
dc.PublishedIn: Nielson, H. R., Gollmann, D. (eds.). Secure IT Systems: 51-66en_US
dc.identifier.isbn978-3-642-41487-9en_US
dc.identifier.issn0302-9743en_US
dc.identifier.urihttps://hdl.handle.net/1956/8916
dc.description.abstractPermission-based security models are common in smartphone operating systems. Such models implement access control for sensitive APIs, introducing an additional concern for application developers. It is important for the correct set of permissions to be declared for an application, as too small a set is likely to result in runtime errors, whereas too large a set may needlessly worry users. Unfortunately, not all platform vendors provide tools support to assist in determining the set of permissions that an application requires. We present a language-based solution for permission management. It entails the specification of permission information within a collection of source code, and allows for the inference of permission requirements for a chosen program composition. Our implementation is based on Magnolia, a programming language demonstrating characteristics that are favorable for this use case. A language with a suitable component system supports permission management also in a cross-platform codebase, allowing abstraction over different platform-specific implementations and concrete permission requirements. When the language also requires any “wiring” of components to be known at compile time, and otherwise makes design tradeoffs that favor ease of static analysis, then accurate inference of permission requirements becomes possible.en_US
dc.language.isoengeng
dc.publisherSpringeren_US
dc.relation.ispartofseriesLecture Notes in Computer Science; 8208en_US
dc.subjectlanguage-based securityeng
dc.subjectplatform security architectureseng
dc.subjectsecurity managementeng
dc.subjectSoftware engineeringeng
dc.titleInferring Required Permissions for Statically Composed Programsen_US
dc.typeChapter
dc.typePeer reviewed
dc.date.updated2014-12-11T13:53:34Z
dc.description.versionacceptedVersionen_US
dc.rights.holderCopyright 2013 Springer-Verlag Berlin Heidelbergen_US
dc.identifier.doihttps://doi.org/10.1007/978-3-642-41488-6_4
dc.identifier.cristin1083813


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record