History-Based Access Control for Mobile Code

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1603))

Abstract

In this chapter, we present a history-based access-control mechanism that is suitable for mediating accesses from mobile code. The key idea behind history-based access-control is to maintain a selective history of the access requests made by individual programs and to use this history to improve the differentiation between safe and potentially dangerous requests. What a program is allowed to do depends on its own behavior and identity in addition to currently used discriminators like the location it was loaded from or the identity of its author/provider. History-based access-control has the potential to significantly expand the set of programs that can be executed without compromising security or ease of use. We describe the design and implementation of Deeds, a history-based access-control mechanism for Java. Access-control policies for Deeds are written in Java, and can be updated while the programs whose accesses are being mediated are still executing.

This paper is a reprint of a paper that appeared in the Fifth ACM Conference on Computer and Communications Security (November 3–5, 1998).
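
The key idea in the abstract, sketched as an added example (it is not code from the chapter and not the Deeds API): a monitor keeps a per-program history of granted requests, a policy written in Java decides each new request from that history, and the policy can be replaced while programs keep running. The `Monitor`, `Policy` and `Event` names, the program identifiers, and the file-versus-network rule are assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

public class HistoryMonitorDemo {
    enum Event { FILE_READ, NET_CONNECT }   // hypothetical event kinds

    /** A policy sees the request plus the events already recorded for that program. */
    interface Policy { boolean allows(Event request, Set<Event> history); }

    // Constructed policy: a program may read local files or use the network, not both.
    static final Policy FILES_XOR_NETWORK = (req, past) ->
        req == Event.FILE_READ ? !past.contains(Event.NET_CONNECT)
                               : !past.contains(Event.FILE_READ);

    static class Monitor {
        private final Map<String, Set<Event>> histories = new ConcurrentHashMap<>();
        private volatile Policy policy;      // replaceable while programs run

        Monitor(Policy initial) { policy = initial; }

        void setPolicy(Policy updated) { policy = updated; }

        /** Mediates one request; only granted requests enter the history. */
        boolean request(String programId, Event e) {
            Set<Event> past = histories.computeIfAbsent(
                programId, k -> EnumSet.noneOf(Event.class));
            synchronized (past) {
                if (!policy.allows(e, past)) return false;
                past.add(e);
                return true;
            }
        }
    }

    public static void main(String[] args) {
        Monitor m = new Monitor(FILES_XOR_NETWORK);
        // "editor" and "fetcher" are constructed program identities.
        System.out.println("editor reads file:      " + m.request("editor", Event.FILE_READ));
        System.out.println("editor then connects:   " + m.request("editor", Event.NET_CONNECT));
        System.out.println("fetcher connects:       " + m.request("fetcher", Event.NET_CONNECT));

        // Policy update at run time: no new connections at all; file reads still
        // depend on history, which was recorded under the previous policy.
        m.setPolicy((req, past) ->
            req == Event.FILE_READ && !past.contains(Event.NET_CONNECT));
        System.out.println("fetcher connects again: " + m.request("fetcher", Event.NET_CONNECT));
        System.out.println("fetcher reads file:     " + m.request("fetcher", Event.FILE_READ));
    }
}
```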


Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Edjlali, G., Acharya, A., Chaudhary, V. (1999). History-Based Access Control for Mobile Code. In: Vitek, J., Jensen, C.D. (eds) Secure Internet Programming. Lecture Notes in Computer Science, vol 1603. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48749-2_19

  • DOI: https://doi.org/10.1007/3-540-48749-2_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66130-6

  • Online ISBN: 978-3-540-48749-4

  • eBook Packages: Springer Book Archive
