X window system (3rd ed.): the complete reference to Xlib, X Protocol, ICCCM, XLFD
X window system (3rd ed.): the complete reference to Xlib, X Protocol, ICCCM, XLFD
Interposition agents: transparently interposing user code at the system interface
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Extensibility safety and performance in the SPIN operating system
SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Joint actions based authorization schemes
ACM SIGOPS Operating Systems Review
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
Developing Java beans
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
Core Java 2, Volume 1: Fundamentals
Core Java 2, Volume 1: Fundamentals
New security architectural directions for Java
COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Enforceable Security Policies
Decentralized Trust Management
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Run-Time Security Evaluation (RTSE) for Distributed Applications
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
History-based Access Control for Mobile Code
History-based Access Control for Mobile Code
Implementing Execution Controls in Unix
LISA '93 Proceedings of the 7th USENIX conference on System administration
Expanding and extending the security features of java
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Building systems that flexibly control downloaded executable context
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Extending the operating system at the user level: the Ufo global file system
ATEC '97 Proceedings of the annual conference on USENIX Annual Technical Conference
Call-by-contract for service discovery, orchestration and recovery
Rigorous software engineering for service-oriented systems
Checking risky events is enough for local policies
ICTCS'05 Proceedings of the 9th Italian conference on Theoretical Computer Science
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
| Hi-index | 0.00 |
In this chapter, we present a history-based access-control mechanism that is suitable for mediating accesses from mobile code. The key idea behind history-based access-control is to maintain a selective history of the access requests made by individual programs and to use this history to improve the differentiation between safe and potentially dangerous requests. What a program is allowed to do depends on its own behavior and identity in addition to currently used discriminators like the location it was loaded from or the identity of its author/provider. History-based access-control has the potential to significantly expand the set of programs that can be executed without compromising security or ease of use. We describe the design and implementation of Deeds, a history-based access-control mechanism for Java. Access-control policies for Deeds are written in Java, and can be updated while the programs whose accesses are being mediated are still executing.