Abstract
Several authors have proposed using code modification as a technique for enforcing security policies such as resource limits, access controls, and network information flows. However, these approaches are typically ad hoc and are implemented without a high-level abstract framework for code modification. We propose using reflection as a mechanism for implementing code modifications within an abstract framework based on the semantics of the underlying programming language. We have developed a reflective version of Java called Kava that uses byte-code rewriting techniques to insert pre-defined hooks into Java class files at load time. This makes it possible to specify and implement security policies for mobile code in a more abstract and flexible way. Our mechanism could be used as a more principled way of enforcing some of the existing security policies described in the literature. The advantages of our approach over related work (SASI, JRes, etc.) are that we can guarantee that our security mechanisms cannot be bypassed, a property we call strong non-bypassability, and that our approach provides the high-level abstractions needed to build useful security policies.
References
Cohen, G.A., Chase, J.S.: Automatic Program Transformation with JOIE. In: Proceedings of USENIX Annual Technical Symposium (1998)
Czajkowski, G., von Eicken, T.: JRes: A Resource Accounting Interface for Java. In: ACM OOPSLA Conference (October 1998)
Dahm, M.: Bytecode Engineering. Java Informations Tage (1999)
Erlingsson, U., Schneider, F.: SASI Enforcement of Security Policies: A Retrospective. In: Proceedings New Security Paradigms Workshop (1999)
Evans, D., Twyman, A.: Flexible Policy-Directed Code Safety. In: IEEE Security and Privacy, Oakland, CA., May 9-12 (1999)
Florio, M.F., Gorrieri, R., Marchetti, G.: Coping with Denial of Service due to Malicious Java Applets. Computer Communications Journal (August 2000)
Fraser, T., Badger, L., Feldman, M.: Hardening COTS Software with Generic Software Wrappers. In: IEEE Security and Privacy, Oakland, CA., May 9-12 (1999)
Gong, L.: Inside Java(TM) 2 Platform Security. Addison-Wesley, Reading (1999)
Gosling, J., Yellin, F., The Java Team: Java API Documentation Version 1.0.2. Sun Microsystems, Inc. (1996)
Gosling, J., Joy, B., Steele, G.L.: The Java Language Specification. The Java Series. Addison-Wesley, Reading (1996)
Kiczales, G., des Rivieres, J.: The Art of the Metaobject Protocol. MIT Press, Cambridge (1991)
Maes, P.: Concepts and experiments in computational reflection. In: OOPSLA (1987)
Pandey, R., Hashii, B.: Providing Fine-Grained Access Control for mobile programs through binary editing. Technical Report TR98-08, University of California, Davis (August 1998)
Java Team: JDK 1.1.8 Documentation. Sun Microsystems, Inc. (1996-1999)
Java Team: Java 2 SDK Documentation. Sun Microsystems, Inc. (1996-1999)
Java Security Team: Java Authentication and Authorization Service. Sun Microsystems, Inc. (1999), http://java.sun.com/security/jaas/index.html
Welch, I.: Reflective Enforcement of the Clark-Wilson Integrity Model. In: 2nd Workshop on Distributed Object Security, OOPSLA (1999)
Welch, I., Stroud, R.J.: Supporting Real World Security Models in Java. In: Proceedings of 7th IEEE International Workshop on Future Trends of Distributed Computing Systems, Cape Town, South Africa, December 20-22 (1999)
Welch, I., Stroud, R.J.: Kava: A Reflective Java based on Bytecode Rewriting. In: Cazzola, W., Stroud, R.J., Tisato, F. (eds.) Reflection and Software Engineering. LNCS, vol. 1826, p. 155. Springer, Heidelberg (2000)
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Welch, I., Stroud, R.J. (2000). Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_19
DOI: https://doi.org/10.1007/10722599_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive