GAP- Generating Access Permissions IJAZ AHMED advised by : NESTOR CATANO

GAP- Generating Access Permissions IJAZ AHMED advised by : NESTOR CATANO http://www3.uma.pt/ncatano/aeminium/GAP.html

GAP It takes a Java program and generates the likely access permissions It implements a modular and static analysis of Java programs. How it Works? It extracts the read, write and alias information from a Java source code through AST It generates a graph for every method that shows read, write and alias information It traverses the graph and gathers likely information It works in two mode i.e. Read mode and Write mode An implementation of the algorithm as an Eclipse plug-in is on way http://www3.uma.pt/ncatano/aeminium/GAP.html

General Idea http://www3.uma.pt/ncatano/aeminium/GAP.html

Notations, Terminology and Concepts Method Node an abstraction to represent method local environment Context Node an abstraction to represent external world/other references Reference Nodes class fields, parameters, local variables Object Nodes represent physical memory of objects Edges Read Edge Write Edge Pointe Edge http://www3.uma.pt/ncatano/aeminium/GAP.html

Some Rules http://www3.uma.pt/ncatano/aeminium/GAP.html General Idea To represent the read, write and alias information with edges Check the types of edges and number of Pointe edges to define access Permissions Types of Rules Graph Construction Rules Pre Access Permissions Rules (Graph Traversal) Post Access Permission Rules (Graph Traversal)

An Example- JAVA Program public class B{ int a; } public class A { B x,y,r; public Object method1(B z, Bw ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } http://www3.uma.pt/ncatano/aeminium/GAP.html

High Level Algorithm Make the set Z = {Fields} U {Parameters} Make the set M= object of set Z Make the set U = Z U M U { method, Context} Step 1- Create nodes for all items in set U Step 2- Apply the Pointe-Rule for elements in set Z and set M Step 3-Apply the rule Context-R if you are in mode R, otherwise apply rule Context-RW if you are in mode RW. public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y

High Level Algorithm Make the set Z = {Fields} U {Parameters} Make the set M= object of set Z Make the set U = Z U M U { method, Context} Step 1- Create nodes for all items in set U Step 2- Apply the Pointe-Rule for elements in set Z and set M Step 3-Apply the rule Context-R if you are in mode R, otherwise apply rule Context-RW if you are in mode RW. public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y P P PP

High Level Algorithm Make the set Z = {Fields} U {Parameters} Make the set M= object of set Z Make the set U = Z U M U { method, Context} Step 1- Create nodes for all items in set U Step 2- Apply the Pointe-Rule for elements in set Z and set M Step 3-Apply the rule Context-R if you are in mode R, otherwise apply rule Context-RW if you are in mode RW. public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R P P PP

public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R P PP High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. P

public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R P PP High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. t t P P

public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R PP High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. t t P P

public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R PP High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. t t P w P

High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R PP t t P w R P

public class A { B x,y,r; public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R PP t t P w R P

public class A { B x,y,r; full(x), full(y),full(z),Immutable(w) public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R PP t t P w R P

High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. public class A { B x,y,r; full(x), full(y),full(z),Immutable(w) public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R PP t t P w R P

High Level Algorithm Step 4-For every statement s in the method body, apply a graph construction rule according to the syntax of s. Step 5-Generate Pre-Permissions by applying Pre-Traversal Rules for items in set Z Step 6-Generate Post-Permissions by applying Post-Traversal Rules for items in set Z. public class A { B x,y,r; full(x), full(y),full(z),Immutable(w) Immutable(x), Immutable(y) public Object method1(B z, B w ){ x=w; Object t=x; y=t; z.a=15; System.print.out(x.a+w.a+t.a); return y; } Analysis of method1 http://www3.uma.pt/ncatano/aeminium/GAP.html z z w w x_object y_object w_object z_object x x method 1 context y y R R R R PP t t P w R P

Conclusion http://www3.uma.pt/ncatano/aeminium/GAP.html Present Status Can generate access permission for simple program Tested with some examples Under development Future Work Parser require further iterations to parse complex program Mapping of GAP Specifications with Plural Syntax Planning to run GAP on the MTTS application as a bench mark Integrate as an Eclipse plug-in with Plural Link http://www3.uma.pt/ncatano/aeminium/GAP.html

Documents

GAP- Generating Access Permissions IJAZ AHMED advised by : NESTOR CATANO