A flexible access control service for Java mobile code

New Orleans, Louisiana December 11-December 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898890

16th Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by A. Corradi Articles by R. Montanari Articles by E. Lupu Articles by M. Sloman Articles by C. Stefanelli

	ASCII Text	x
	A. Corradi, R. Montanari, E. Lupu, M. Sloman, C. Stefanelli, "A flexible access control service for Java mobile code," Computer Security Applications Conference, Annual, pp. 356, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000.

	BibTex	x
	@article{ 10.1109/ACSAC.2000.898890, author = {A. Corradi and R. Montanari and E. Lupu and M. Sloman and C. Stefanelli}, title = {A flexible access control service for Java mobile code}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2000}, issn = {1063-9527}, pages = {356}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2000.898890}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A flexible access control service for Java mobile code SN - 1063-9527 SP EP A1 - A. Corradi, A1 - R. Montanari, A1 - E. Lupu, A1 - M. Sloman, A1 - C. Stefanelli, PY - 2000 KW - Java; distributed programming; authorisation; Internet; specification languages; flexible access control service; Java mobile code; Internet applications; dynamic loading; remote servers; distributed heterogeneous clients; foreign code execution; security policies; technology diffusion; host node protection; code protection; sandbox model; downloaded code; source location; signature; inter-organisational environments; expressive languages; declarative language; Ponder; Java security architecture VL - 0 JA - Computer Security Applications Conference, Annual ER -

A. Corradi, Dipartimento di Elettronica, Inf. e Sistemistica, Bologna Univ., Italy

R. Montanari, Dipartimento di Elettronica, Inf. e Sistemistica, Bologna Univ., Italy

E. Lupu, Dipartimento di Elettronica, Inf. e Sistemistica, Bologna Univ., Italy

M. Sloman, Dipartimento di Elettronica, Inf. e Sistemistica, Bologna Univ., Italy

C. Stefanelli, Dipartimento di Elettronica, Inf. e Sistemistica, Bologna Univ., Italy

Mobile code (MC) technologies provide appealing solutions for the development of Internet applications. For instance, Java technology facilitates dynamic loading of application code from remote servers on to heterogeneous clients distributed all over the Internet. However, executing foreign code that has been loaded from the network raises significant security concerns which limit the diffusion of these technologies. Substantial work has already been done to provide security solutions for protecting both hosting nodes and MC. For example, the Java security architecture evolved from a rigid sandbox model to a more flexible solution where downloaded code can perform any kind of operation, depending on its source location and signature. However, the most widespread security solutions for MC platforms today do not support the sophisticated security policies required in modern inter-organisational environments. This requires expressive languages to specify the policy and flexible mechanisms for policy implementation which cater for code mobility. This paper shows how access control policies for MC-based applications can be specified in a concise and declarative language called Ponder, and how these policies can be implemented within the Java security architecture.

Index Terms:

Java; distributed programming; authorisation; Internet; specification languages; flexible access control service; Java mobile code; Internet applications; dynamic loading; remote servers; distributed heterogeneous clients; foreign code execution; security policies; technology diffusion; host node protection; code protection; sandbox model; downloaded code; source location; signature; inter-organisational environments; expressive languages; declarative language; Ponder; Java security architecture

Citation:

A. Corradi, R. Montanari, E. Lupu, M. Sloman, C. Stefanelli, "A flexible access control service for Java mobile code," acsac, pp.356, 16th Annual Computer Security Applications Conference (ACSAC'00), 2000

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.