ABSTRACT
Practical experience has shown that separating security enforcement code from functional code using separation of concerns techniques such as behavioural reflection leads to improvements in code understandability and maintainability. However, using these techniques requires providing a consistent and declarative way to specify policies. We have developed a prototype tool that allows the use of Ponder policies that are enforced by the Kava metaobject protocol. This prototype translates high-level policies into configuration files used to enforce the policies upon Java applications.