Abstract
Safe-Tcl is a mechanism for controlling the execution of programs written in the Tcl scripting language. It allows untrusted scripts (applets) to be executed while preventing damage to the environment or leakage of private information. Safe-Tcl uses a padded cell approach: each applet is isolated in a safe interpreter where it cannot interact directly with the rest of the application. The execution environment of the safe interpreter is controlled by trusted scripts running in a master interpreter. Safe-Tcl provides an alias mechanism that allows applets to request services from the master interpreter in a controlled fashion. Safe-Tcl allows a variety of security policies to be implemented within a single application, and it supports both policies that authenticate incoming scripts and those that do not.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
K. Arnold and J. Gosling, The Java Programming Language, Addison-Wesley, ISBN 0-201-63455-4, 1996.
N. Borenstein, “EMail With A Mind of Its Own: The Safe-Tcl Language for Enabled Mail,” IFIP WG 6.5 Conference, Barcelona, May, 1994, North Holland, Amsterdam, 1994.
D. Denning and P. Denning, “Data Security,” Computing Surveys, Vol. 11, No. 3, September 1979, pp. 227–249.
B. Lampson, “A Note on the Confinement Problem,” Communications of the ACM, Vol. 16, No. 10, October 1973, pp. 613–615.
B. Lampson, M. Abadi, M. Burrows, and E. Wobber, “Authentication in Distributed Systems: Theory and Practice,” ACM Transactions on Computer Systems, Vol. 10, No. 4, November 1992, pp. 265–310.
J. Levy, Welcome to the Tcl Plugin, http://www.sunlabs.com/research/tcl/plugin/.
Netscape Inc., “JavaScript in Navigator 3.0,” http://www.home.netscape.com/eng/mozilla/3.0/handbook/javascript/atlas.html#taint_dg.
J. Ousterhout, Tcl and the Tk Toolkit, Addison-Wesley, ISBN 0-201-63337-X, 1994.
R. Rivest, The MD5 Message Digest Algorithm, RFC 1321, April 1992.
R. Wahbe, S. Lucco, T. Anderson, and S. Graham, “Efficient Software-Based Fault Isolation,” Proc. 14th Symposium on Operating Systems Principles, Operating Systems Review, Vol. 27, No. 5, December, 1993, pp. 203–216.
B. Welch, Practical Programming in Tcl and Tk, Prentice-Hall, ISBN 0-13-182007-9, 1995.
J. White, Telescript Technology: The Foundation for the Electronic Marketplace, white paper, General Magic, Inc., 1994.
F. Yellin, “Low Level Security in Java,” World-Wide Web Conference, Boston MA, December 1995. Also available as http://www.javasoft.com/sfaq/verifier.html.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Ousterhout, J.K., Levy, J.Y., Welch, B.B. (1998). The Safe-Tcl Security Model. In: Vigna, G. (eds) Mobile Agents and Security. Lecture Notes in Computer Science, vol 1419. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68671-1_12
Download citation
DOI: https://doi.org/10.1007/3-540-68671-1_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64792-8
Online ISBN: 978-3-540-68671-2
eBook Packages: Springer Book Archive