Abstract
Despite its fully distributed and multi-party execution model, Java only supports centralized and single party access control. We suggest a new access control model for mobile code that copes with the shortcomings of the current access control model of Java. This new model is based on two key enhancements: the association of access control information with each mobile code segment in the form of attributes and the introduction of intermediate elements in the access control schema. The combination of the current ACL-based approach with the capability scheme achieved through mobile code attributes allows the new access control model to address dynamic multi-party scenarios while keeping the burden of security policy configuration at a minimum. We finally sketch the design of an access control system based on the proposed model using Simple Public Key Infrastructure (SPKI) certificates.
Chapter PDF
Similar content being viewed by others
References
Abadi, M.: On SDSI’s Linked Local Name Spaces. Journal of Computer Security 6, 3–21 (1998)
Appel, A., Felten, E.: Proof-Carrying Authentication. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore (November 1999)
Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: Simple Public Key Certificate, Internet Draft <draft-ietf-spki-cert-structure-05.txt> (March 1998)
Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Examples, Internet Draft <draft-ietf-spki-cert-examples-01.txt> (March 1998)
Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory, RFC 2693 (September 1999)
Gong, L., Mueller, M., Prafullchandra, H., Schemers, R.: Going Beyond the Sandbox: An Overview of the New Security Architecture in the JavaTM Development Kit 1.2. In: Proceedings of the USENIX Symposium on Internet Technologies and Systems, Monterey, California (December 1997)
ITU-T. Recommendation X.509: The Directory - Authentication Framework (1988)
Kassab, L., Greenwald, S.: Towards Formalizing the Java Secu- rity Architecture in JDK 1.2. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 191–207. Springer, Heidelberg (1998)
Necula, G.C.: Proof-Carrying Code. In: Proceedings of the 24th ACM Symposium on Principles of Programming Languages, Paris, France (January 1997)
Necula, G.C., Lee, P.: Safe, Untrusted Agents using Proof- Carrying Code. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, p. 61. Springer, Heidelberg (1998)
Nikander, P., Partanen, J.: Distributed Policy Management for JDK 1.2. In: Proceedings of Network and Distributed System Security Symposium, San Diego, California (February 1999)
Partanen, J., Nikander, P.: Adding SPKI Certificates to JDK 1.2. In: Proceedings of the Nordsec 1998, the Third Nordic Workshop on Secure IT Systems, Trondheim, Norway (November 1998)
Rivest, R., Lampson, B.: SDSI - A Simple Distributed Security Infrastructure. In: Proceedings of the 1996 Usenix Symposium (1996)
Sun Microsystems Inc. Sun. JDK 1.2 Security Documentation (April 1998), http://java.sun.com/products/jdk/1.2/docs/guide/security/index
Wallach, D., Balfanz, D., Dean, D., Felten, E.: Extensible Security Architectures for Java. In: Proceedings of the 16th Symposium on Operating Systems Principles, Saint-Malo, France (October 1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Molva, R., Roudier, Y. (2000). A Distributed Access Control Model for Java. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_18
Download citation
DOI: https://doi.org/10.1007/10722599_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive