In a modern programming language, scoping rules determine the visibility of names in the various regions of a program. In this work, we examine the idea of allowing an application developer to customize the scoping rules of the underlying language. We demonstrate that such an ability can serve as the cornerstone of a security architecture for dynamically extensible systems. A run-time module system, IsoMod, is proposed for the Java platform to facilitate software isolation. A core application may create namespaces dynamically and impose arbitrary name visibility policies (i.e., scoping rules) to control whether a name is visible, to whom it is visible, and in what way it can be accessed. Because IsoMod exercises name visibility control at load time, no checks are interposed on individual accesses, and loaded code runs at full speed. Furthermore, because IsoMod access control policies are maintained separately from the code they govern, they evolve independently of the core application code. In addition, the IsoMod policy language provides a declarative means for expressing a very general form of visibility constraint. Not only can the IsoMod policy language simulate a sizable subset of the permissions in the Java 2 security architecture, it does so with policies that are robust to changes in software configuration. The IsoMod policy language is also expressive enough to completely encode a capability type system known as Discretionary Capability Confinement. In spite of its expressiveness, the IsoMod policy language admits an efficient implementation strategy. Name visibility control in the style of IsoMod is therefore a lightweight access control mechanism for Java-style language environments.
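The mechanism the abstract describes, a namespace whose visibility policy is enforced once, when a name is resolved, rather than on every access, can be sketched with a plain JVM class loader. The example below is added here for illustration; it is not IsoMod's code, and the policy shape (allow-prefixes with deny-prefixes taking precedence), the class names and the host interface `Extension` are all assumptions, not anything from the paper. Hiding `java.io.File` from an extension stands in for a Java 2 `FilePermission` denial: the extension links and runs at full speed until it first touches the hidden name, at which point the JVM raises `NoClassDefFoundError` with no stack inspection anywhere in the hot path.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.List;

/**
 * Added example (not IsoMod): load-time name visibility control via a class loader.
 * Compile and run with: javac IsolatingLoaderDemo.java && java IsolatingLoaderDemo
 */
public final class IsolatingLoaderDemo {

    /** Host API implemented by extensions. Shared with the namespace, never redefined in it. */
    public interface Extension { String run(); }

    /** Assumed policy shape: a name is visible if it matches an allow-prefix and no deny-prefix. */
    static final class VisibilityPolicy {
        private final List<String> allow, deny;
        VisibilityPolicy(List<String> allow, List<String> deny) { this.allow = allow; this.deny = deny; }
        boolean visible(String className) {
            for (String d : deny) if (className.startsWith(d)) return false;
            for (String a : allow) if (className.startsWith(a)) return true;
            return false;
        }
    }

    /**
     * A namespace. Classes carrying the owned prefix are defined by this loader, so their
     * symbolic references resolve through it; every other name is delegated to the parent
     * only if the policy makes it visible. Denial happens once, at resolution time.
     */
    static final class Namespace extends ClassLoader {
        private final String ownedPrefix;
        private final VisibilityPolicy policy;

        Namespace(String ownedPrefix, VisibilityPolicy policy, ClassLoader parent) {
            super(parent);
            this.ownedPrefix = ownedPrefix;
            this.policy = policy;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    if (name.startsWith(ownedPrefix)) {
                        c = defineOwned(name);
                    } else if (policy.visible(name)) {
                        c = getParent().loadClass(name);
                    } else {
                        // The name simply does not exist from this namespace's point of view.
                        throw new ClassNotFoundException(name + " is not visible in namespace " + ownedPrefix);
                    }
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }

        /** Reads the class file through the parent's resources and defines a copy owned by this namespace. */
        private Class<?> defineOwned(String name) throws ClassNotFoundException {
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] b = in.readAllBytes();
                return defineClass(name, b, 0, b.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    /** Loads an extension into the namespace and runs it, reporting link-time denials. */
    static String runIsolated(Namespace ns, String className) {
        try {
            Extension ext = (Extension) ns.loadClass(className).getDeclaredConstructor().newInstance();
            return className + " -> " + ext.run();
        } catch (NoClassDefFoundError e) {
            // Raised by the JVM when a symbolic reference cannot be resolved through the defining loader.
            return className + " -> denied at link time: " + e.getMessage();
        } catch (ReflectiveOperationException e) {
            return className + " -> failed: " + e;
        }
    }

    public static void main(String[] args) {
        VisibilityPolicy policy = new VisibilityPolicy(
            List.of("java.lang.", "IsolatingLoaderDemo$Extension"),            // visible to the extension
            List.of("java.lang.reflect.", "java.lang.Runtime", "java.lang.ProcessBuilder",
                    "java.lang.ClassLoader", "java.lang.Thread"));              // deny wins over allow
        Namespace ns = new Namespace("IsolatingLoaderDemo$Untrusted", policy,
                                     IsolatingLoaderDemo.class.getClassLoader());
        System.out.println(runIsolated(ns, "IsolatingLoaderDemo$UntrustedEchoPlugin"));
        System.out.println(runIsolated(ns, "IsolatingLoaderDemo$UntrustedFilePlugin"));
    }

    /** Constructed extension that touches only visible names. */
    public static final class UntrustedEchoPlugin implements Extension {
        public String run() { return "hello"; }
    }

    /** Constructed extension that references java.io.File, which this namespace does not expose. */
    public static final class UntrustedFilePlugin implements Extension {
        public String run() { return String.valueOf(new java.io.File("/etc/passwd").exists()); }
    }
}
```

Two points a practitioner should take from this. First, the host interface must be delegated, not redefined, or the cast in `runIsolated` fails with a `ClassCastException` because the two loaders would produce two distinct `Extension` types. Second, hiding a name is only as strong as the closure of what remains reachable through visible types: `java.lang.Class` has to stay visible, so the policy also denies `java.lang.reflect` and loader-related classes, otherwise the extension could climb to a parent loader and resolve the hidden name there. Expressing such reachability constraints declaratively is exactly what the capability-confinement encoding in the abstract is about.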