Jalapa: Securing Java with Local Policies

Authors:
Massimo Bartoletti;Gabriele Costa;Roberto Zunino
Affiliations:
Dipartimento di Matematica e Informatica, Università degli Studi di Cagliari, Italy;Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Italy;Dipartimento di Ingegneria e Scienza dell'Informazione, Università di Trento, Italy
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2009

Citing 7
Cited 0

History-based access control for mobile code

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Inside Java 2 platform security architecture, API design, and implementation

Inside Java 2 platform security architecture, API design, and implementation
Stack inspection: Theory and variants

ACM Transactions on Programming Languages and Systems (TOPLAS)
Kava - using byte code rewriting to add behavioural reflection to Java

COOTS'01 Proceedings of the 6th conference on USENIX Conference on Object-Oriented Technologies and Systems - Volume 6
Semantics-Based Design for Secure Web Services

IEEE Transactions on Software Engineering
Usage Automata

Foundations and Applications of Security Analysis
Types and Effects for resource usage analysis

FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present Jalapa, a tool for securing Java bytecode programs with history-based usage policies. Policies are defined by usage automata, that recognize the forbidden execution histories. Usage automata are expressive enough to allow programmers specify of many real-world usage policies; yet, they are simple enough to permit formal reasoning. Programmers can sandbox untrusted pieces of code with usage policies. The Jalapa tool rewrites the Java bytecode by adding the hooks for the mechanism that enforces the given policies at run-time.