The contemporary approach to enriching the functionality of various devices is to make them programmable and to enable users to install new features in the form of mobile code. For example, so-called smartphones are equipped with a basic set of applications, but manufacturers and operators provide many applications that can be downloaded and installed later. The expanding use of mobile code has raised security concerns, since mobile code may also contain undesirable features. To find possible security weaknesses, we present our code monitoring solution in the context of J2ME (Java 2 Micro Edition). We first describe our modular policy language for expressing simple rule-based security policies. The policies are translated into aspects, in practice AspectJ aspects, that together form a runtime security monitor. We use a weaver to weave the aspects into the mobile code to guarantee its safe runtime execution. If the runtime behavior of the code attempts to violate the applied security policy, the application is halted. Later, we consider embedding a runtime monitor into J2ME applications. Since simplicity and compact policy descriptions are very beneficial properties in contexts in which resources (e.g. memory) are limited, we believe that our solution is particularly well suited to embedded mobile solutions. Compared to other existing policy monitoring solutions, we aim at simpler policy descriptions by following the truncation automata approach and by dismissing the approach in which automata state-chains are described in the monitoring program. In fact, we consider automata states unnecessary, since the current state can be regarded as one of the remembered attribute values, if necessary.
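The kind of aspect such a policy translation could produce, as an added sketch that is not the paper's code or the output of its policy language: a truncation-style monitor that keeps only attribute values instead of an explicit state chain. The two rules (an SMS quota and no network access after the contact list has been read), the limit of 3, and the aspect and helper names are constructed for illustration; the intercepted calls are the standard J2ME `Connector.open`, WMA `MessageConnection.send` and PIM `openPIMList` methods.

```aspectj
// Added illustration: the policy rules and all names below are constructed.
import javax.microedition.io.Connector;
import javax.microedition.pim.PIM;
import javax.wireless.messaging.MessageConnection;

public aspect TruncationMonitor {

    // Constructed limit for the SMS quota rule.
    private static final int MAX_SMS = 3;

    // Remembered attribute values stand in for explicit automaton states.
    private int smsSent = 0;
    private boolean contactsRead = false;

    // Security-relevant events in the woven application code.
    pointcut smsSend():     call(* MessageConnection.send(..));
    pointcut contactRead(): call(* PIM.openPIMList(..));
    pointcut netOpen():     call(* Connector.open(..));

    // Record that the contact list was opened successfully.
    after() returning: contactRead() {
        contactsRead = true;
    }

    // Rule 1: at most MAX_SMS messages per run. The counter is updated
    // before the call proceeds, so a failed send still counts (conservative).
    before(): smsSend() {
        if (smsSent >= MAX_SMS) {
            halt("SMS quota exceeded");
        }
        smsSent++;
    }

    // Rule 2: no connection may be opened once contacts have been read.
    // This also covers sms:// connections, which are opened via Connector.
    before(): netOpen() {
        if (contactsRead) {
            halt("network access after reading contacts");
        }
    }

    // Truncation: the offending call never executes. Throwing an unchecked
    // exception is a stand-in here for halting the application.
    private void halt(String rule) {
        throw new SecurityException("policy violation: " + rule);
    }
}
```

Because the default AspectJ aspect is a singleton, `smsSent` and `contactsRead` persist across all intercepted calls in the application, which is what lets two fields replace a four-state automaton.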