[cap-talk] Stack walking is capability access control?
Sandro Magi
smagi at higherlogics.com
Mon May 14 11:12:51 EDT 2007
There's an interesting PhD proposal to develop a safe reflection
mechanism that does not violate the parametricity of abstract types [1].
In his analysis, the author examined various approaches to controlling
access to this private state, including capabilities (Section 2.2), but
he classifies stack walking as capability-based access control:
    A well-known capability based access control mechanism is the stack
    inspection based access control introduced in version 1.2 of the Java
    Virtual Machine (JVM) (Lindholm and Yellin 1999).
This seems wrong, since stack walking is an implicit subject-based
security check, rather than object-based. Is that the important
distinction here, or is it something else?
By the way, the author ultimately concludes that information flow
analysis is the only safe approach to reflection, since it can properly
track the dependencies necessary to recover parametricity.
Sandro
[1] http://www.cis.upenn.edu/~geoffw/research/papers/phd-proposal.pdf
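The distinction raised in the post, modelled in code as an added example (this is not code from the post or from the cited proposal, and the principals, the permission policy and the secret are all constructed): stack inspection walks the active frames and asks who is executing, so the same callee with the same arguments is denied as soon as an untrusted frame is on the stack; an object capability asks only whether the caller holds a reference, and the caller's identity never enters the check. The JVM's privileged-block escape hatch (doPrivileged) is deliberately left out of the model.

```python
import inspect

# Constructed policy: which principal may do what.
PERMISSIONS = {
    "system": {"read_secret"},
    "plugin": set(),              # untrusted code is granted nothing
}
SECRET = "constructed-secret"     # constructed sample datum


class AccessDenied(Exception):
    pass


def runs_as(principal):
    """Tag a module-level function with the principal it executes as
    (stands in for the JVM's per-class protection domain)."""
    def tag(fn):
        fn.principal = principal
        return fn
    return tag


def check_permission(perm):
    """Stack inspection: every tagged frame on the call stack must hold
    `perm`.  Untagged frames (this checker, the interpreter, a test
    harness) are skipped, much as a JVM treats system code.  The
    'privileged' escape hatch is intentionally not modelled."""
    for info in inspect.stack(0):
        fn = info.frame.f_globals.get(info.function)
        principal = getattr(fn, "principal", None)
        if principal is not None and perm not in PERMISSIONS[principal]:
            raise AccessDenied(f"frame {info.function} runs as {principal}")


# --- subject-based: the check asks *who* is on the stack -----------------

@runs_as("system")
def read_secret():
    check_permission("read_secret")
    return SECRET


@runs_as("system")
def system_reads():
    return read_secret()


@runs_as("plugin")
def plugin_reads():
    # Same callee, same arguments; denied purely because a plugin frame
    # is on the stack at the moment the check runs.
    return read_secret()


def stack_inspection_demo():
    """Returns {'system': <secret>, 'plugin': 'denied'}."""
    results = {}
    for name, fn in (("system", system_reads), ("plugin", plugin_reads)):
        try:
            results[name] = fn()
        except AccessDenied:
            results[name] = "denied"
    return results


# --- object-based: the check asks *what reference* the caller holds ------

class SecretReader:
    """A capability: a reference the plugin cannot obtain on its own and
    that no stack walk consults.  Whoever holds it can read."""
    def __init__(self, secret):
        self._secret = secret

    def read(self):
        return self._secret


@runs_as("plugin")
def plugin_with_reference(reader):
    # Succeeds even though a plugin frame is on the stack: authority is
    # the reference, not the caller's identity.
    return reader.read()


@runs_as("plugin")
def plugin_without_reference():
    # Nothing was handed over, so there is nothing to call.
    return "no reference"


def capability_demo():
    reader = SecretReader(SECRET)   # minted by trusted setup code
    return {
        "plugin_with_reference": plugin_with_reference(reader),
        "plugin_without_reference": plugin_without_reference(),
    }


if __name__ == "__main__":
    print("stack inspection:", stack_inspection_demo())
    print("capability:      ", capability_demo())
```

Run it as a script: under stack inspection the system caller gets the secret and the plugin caller is denied; under the capability model the plugin reads iff it was handed the reference. That asymmetry is what makes the first check subject-based and the second object-based.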