Hardening Java's Access Control by Abolishing Implicit Privilege Elevation

Explore a comprehensive analysis of Java's access control vulnerabilities in this IEEE Symposium on Security & Privacy conference talk. Delve into the study of shortcuts that bypass stack-based access control, leading to implicit privilege elevation and potential security risks. Examine the consequences of these shortcuts, including their impact on software maintenance and the introduction of confused-deputy vulnerabilities. Learn about a proposed solution involving a tool-assisted adaptation of the Java Class Library to implement explicit privilege elevation. Discover how these changes can significantly enhance the security of Java applications by hindering new vulnerabilities and restricting attacker capabilities. Gain insights into usability considerations and performance implications of implementing faithful stack-based access control in Java.

Introduction
Joint Work
Java Security Model
Information Checks
Model Deviation
Example
Permission Check
Shortcut
Consequences
Shortcuts prevent
Shortcut example
System class example
Sample exploits
Moving from Implicit to Explicit
Removing Conditionals
Implementation
General Lessons
Questions