Abstract
Software developers rely on programming-language protection models and security APIs to express security policies for Internet applications. These mechanisms are not expressive enough for fine-grained, configurable policies, nor do they ensure that a given policy is implemented consistently across an application. Programmable security adds syntactic and semantic constructs to a programming language so that security functionality can be embedded in applications systematically; it also enables compile-time and run-time security checking, analogous to type checking. This paper introduces a methodology for programmable security by language extension, together with a prototype model and implementation of JPAC, a programmable access control extension to Java.
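The abstract's central idea, security checking that works like type checking, can be illustrated with an added example; the sketch below is not JPAC and not code from the paper (JPAC extends Java, and its syntax is not reproduced on this page). It models the two checks the abstract describes in Python: a definition-time check that rejects a policy annotation referring to a right the policy never grants and a class that leaves an operation unguarded (the "compile-time" analogue), and a call-time check that denies callers lacking the required rights. The role table, the Principal and Ledger classes, and every name in the block are constructed for the example.

```python
"""Programmable access control sketch: policy is declared in code and checked
at definition time (like a type check) and again at call time.
All names and the policy table are constructed for this example."""
import inspect
from functools import wraps


class PolicyError(Exception):
    """Raised at definition time when the declared policy is inconsistent."""


class AccessDenied(Exception):
    """Raised at call time when the caller lacks a required right."""


# Constructed policy: which rights each role grants.
ROLE_RIGHTS = {
    "admin": frozenset({"read", "write", "audit"}),
    "clerk": frozenset({"read", "write"}),
    "guest": frozenset({"read"}),
}
# The closed set of rights the policy knows about; anything else is a typo
# or an undefined right and is rejected before the program runs.
KNOWN_RIGHTS = frozenset().union(*ROLE_RIGHTS.values())


class Principal:
    def __init__(self, name, roles):
        self.name = name
        self.roles = tuple(roles)

    def rights(self):
        return frozenset().union(*(ROLE_RIGHTS[r] for r in self.roles))


def requires(*rights):
    """Method-level policy annotation.

    The definition-time check runs when the decorator is applied: a right that
    no role grants can never be satisfied, so it is a policy error, not a
    runtime surprise. The call-time check runs on every invocation."""
    required = frozenset(rights)
    unknown = required - KNOWN_RIGHTS
    if unknown:
        raise PolicyError(f"undefined right(s): {sorted(unknown)}")

    def decorate(fn):
        @wraps(fn)
        def guarded(self, principal, *args, **kwargs):
            missing = required - principal.rights()
            if missing:
                raise AccessDenied(f"{principal.name} lacks {sorted(missing)}")
            return fn(self, principal, *args, **kwargs)
        guarded.__required_rights__ = required
        return guarded
    return decorate


def protected(cls):
    """Class-level consistency check: every public method must carry a policy,
    so no operation on the object is silently left unguarded."""
    for name, member in vars(cls).items():
        if inspect.isfunction(member) and not name.startswith("_"):
            if not hasattr(member, "__required_rights__"):
                raise PolicyError(f"{cls.__name__}.{name} has no access policy")
    return cls


@protected
class Ledger:
    def __init__(self):
        self._entries = []  # (author, text) pairs

    @requires("write")
    def append(self, principal, text):
        self._entries.append((principal.name, text))

    @requires("read")
    def view(self, principal):
        return [text for _, text in self._entries]

    @requires("read", "audit")
    def audit_trail(self, principal):
        return list(self._entries)


def try_define_unknown_right():
    """A method demanding a right the policy never grants fails at definition."""
    try:
        @requires("delete")
        def purge(self, principal):
            return "gone"
    except PolicyError as err:
        return str(err)
    return None


def try_define_unguarded_class():
    """A class exposing a public method without a policy fails at definition."""
    try:
        @protected
        class Leaky:
            def dump(self, principal):
                return "secret"
    except PolicyError as err:
        return str(err)
    return None


def run_demo():
    """Exercise the call-time checks and return the observed outcomes."""
    ledger = Ledger()
    clerk = Principal("alice", ["clerk"])
    guest = Principal("bob", ["guest"])
    admin = Principal("carol", ["admin"])
    results = {}
    ledger.append(clerk, "open account")
    results["guest_read"] = ledger.view(guest)
    try:
        ledger.append(guest, "forged entry")
        results["guest_write"] = "allowed"
    except AccessDenied:
        results["guest_write"] = "denied"
    try:
        ledger.audit_trail(clerk)
        results["clerk_audit"] = "allowed"
    except AccessDenied:
        results["clerk_audit"] = "denied"
    results["admin_audit"] = ledger.audit_trail(admin)
    return results


if __name__ == "__main__":
    print(run_demo())
    print(try_define_unknown_right())
    print(try_define_unguarded_class())
```

The two definition-time checks are the point: a policy error surfaces when the module is loaded, before any request is served, which is what the abstract means by checking "analogous to type checking". A real language extension would perform these checks in the compiler rather than in decorators, and could additionally verify that the rights a method demands are consistent with the rights of the methods it calls.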
© 2002 Kluwer Academic Publishers
Cite this chapter
Hale, J., Chandia, R., Campbell, C., Papa, M., Shenoi, S. (2002). Language Extensions for Programmable Security. In: Thuraisingham, B., van de Riet, R., Dittrich, K.R., Tari, Z. (eds) Data and Application Security. IFIP International Federation for Information Processing, vol 73. Springer, Boston, MA. https://doi.org/10.1007/0-306-47008-X_20
DOI: https://doi.org/10.1007/0-306-47008-X_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7514-2
Online ISBN: 978-0-306-47008-0