Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
Making paths explicit in the Scout operating system
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Safe kernel extensions without run-time checking
OSDI '96 Proceedings of the second USENIX symposium on Operating systems design and implementation
Java security: hostile applets, holes&antidotes
Java security: hostile applets, holes&antidotes
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
JRes: a resource accounting interface for Java
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Building Internet Firewalls
Java Virtual Machine Specification
Java Virtual Machine Specification
Java Security: Present and Near Future
IEEE Micro
Blocking Java Applets at the Firewall
SNDSS '97 Proceedings of the 1997 Symposium on Network and Distributed System Security
Experience with Secure Multi-Processing in Java
ICDCS '98 Proceedings of the The 18th International Conference on Distributed Computing Systems
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Joust: A Platform for Communication-Oriented Liquid Software
Joust: A Platform for Communication-Oriented Liquid Software
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
Security of web browser scripting languages: vulnerabilities, attacks, and remedies
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Implementing multiple protection domains in java
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
Formalizing the safety of Java, the Java virtual machine, and Java card
ACM Computing Surveys (CSUR)
Agent factory: generative migration of mobile agents in heterogeneous environments
Proceedings of the 2002 ACM symposium on Applied computing
Globule: A Platform for Self-Replicating Web Documents
PROMS 2001 Proceedings of the 6th International Conference on Protocols for Multimedia Systems
Incentive-based modeling and inference of attacker intent, objectives, and strategies
Proceedings of the 10th ACM conference on Computer and communications security
Incentive-based modeling and inference of attacker intent, objectives, and strategies
ACM Transactions on Information and System Security (TISSEC)
Detecting targeted attacks using shadow honeypots
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
SpyProxy: execution-based detection of malicious web content
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Alcatraz: An Isolated Environment for Experimenting with Untrusted Software
ACM Transactions on Information and System Security (TISSEC)
A secure virtual execution environment for untrusted code
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
A novel approach for untrusted code execution
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Paranoid Android: versatile protection for smartphones
Proceedings of the 26th Annual Computer Security Applications Conference
AdJail: practical enforcement of confidentiality and integrity policies on web advertisements
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
| Hi-index | 0.00 |
Mobile code presents a number of threats to machines that execute it. We introduce an approach for protecting machines and the resources they hold from mobile code and describe a system based on our approach for protecting host machines from Java 1.1 applets. In our approach, each Java applet downloaded to the protected domain is rerouted to a dedicated machine (or set of machines), the playground, at which it is executed. Prior to execution, the applet is transformed to use the downloading user's web browser as a graphics terminal for its input and output and so the user has the illusion that the applet is running on her own machine. In reality, however, mobile code runs only in the sanitized environment of the playground, where user files cannot be mounted and from which only limited network connections are accepted by machines in the protected domain. Our playground thus provides a second level of defense against mobile code that circumvents language-based defenses. The paper presents the design and implementation of a playground for Java 1.1 applets and discusses extensions of it for other forms of mobile code, including Java 1.2.