Internet users routinely and often unknowingly download and run programs, such as Java applets, and some Web servers let users upload external programs and run them on the server. Although the practice of executing these external programs has the sanction of widespread use, its security implications haven't yet been systematically addressed. In the brief, dynamic history of the Internet, such a situation is not unusual. New communication mechanisms and computing paradigms are often implemented before the security issues they engender have been rigorously analyzed. Our goal is to address this problem in the subdomain of external programs by systematically outlining security issues and classifying current solutions. Our focus is solely on protecting a host from external programs. We do not address the problem of protecting the communication medium or protecting an external program from runtime systems. Furthermore, we do not address the problem of correctly identifying the source of an external program (authentication). We start our inquiry by reviewing the relevant models of computation, followed by an overview of the security problems associated with them. We then classify both the problems and the existing solutions using a resource-centric model that distinguishes problems associated with resource access from those associated with resource consumption. Finally, we classify solutions to each problem according to how and when they are applied.