SPLASH 2015 (series) / DLS 2015 (series) / DLS 2015 /
Access Control to Reflection with Object Ownership
Tue 27 Oct 2015 17:06 - 17:30 at Grand Station 3 - Session 4, Empirical Studies
Reflection is a powerful programming language feature that enables language extensions, generic code, dynamic analyses, development tools, etc. However uncontrolled reflection breaks object encapsulation and considerably increases the attack surface of programs, eg. malicious libraries can use reflection to attack their client applications. To bring reflection and object encapsulation back together, we use dynamic object ownership to design an access control policy to reflective operations. This policy grants objects full reflective power over the objects they own but limited reflective power over other objects. Code is still able to use advanced reflective operations but reflection cannot be used as an attack vector anymore.
Tue 27 OctDisplayed time zone: Eastern Time (US & Canada) change
Tue 27 Oct
Displayed time zone: Eastern Time (US & Canada) change
15:30 - 17:30 | |||
15:30 24mTalk | Measuring Polymorphism in Python Programs DLS | ||
15:54 24mTalk | Tracking Down Performance Variation Against Source Code Evolution DLS | ||
16:18 24mTalk | Server-Side Type Profiling for Optimizing Client-Side JavaScript Engines DLS Madhukar Kedlaya University of California, Santa Barbara, Behnam Robatmili Qualcomm Research, Ben Hardekopf UC Santa Barbara | ||
16:42 24mTalk | An Empirical Investigation of the Effects of Type Systems and Code Completion on API Usability using TypeScript and JavaScript in MS Visual Studio DLS Lars Fischer University of Duisburg-Essen, Essen, Germany, Stefan Hanenberg University of Duisburg-Essen | ||
17:06 24mTalk | Access Control to Reflection with Object Ownership DLS Camille Teruel INRIA, Stéphane Ducasse INRIA, France, Damien Cassou Lille 1 University, Marcus Denker INRIA Lille | ||