Computational reflection in class based object-oriented languages
OOPSLA '89 Conference proceedings on Object-oriented programming systems, languages and applications
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Design patterns: elements of reusable object-oriented software
Design patterns: elements of reusable object-oriented software
Proceedings of the tenth annual conference on Object-oriented programming systems, languages, and applications
Role-Based Access Control Models
Computer
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Inside Java 2 platform security architecture, API design, and implementation
Inside Java 2 platform security architecture, API design, and implementation
Reflective authorization systems: possibilities, benefits, and drawbacks
Secure Internet programming
The Java Language Specification
The Java Language Specification
The Art of the Metaobject Protocol
The Art of the Metaobject Protocol
IEEE Internet Computing
Meta Objects for Access Control: Role-Based Principals
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
Reflection for Statically Typed Languages
ECCOP '98 Proceedings of the 12th European Conference on Object-Oriented Programming
Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
ECOOP '98 Workshop ion on Object-Oriented Technology
From Dalang to Kava - The Evolution of a Reflective Java Extension
Reflection '99 Proceedings of the Second International Conference on Meta-Level Architectures and Reflection
Secure Composition of Insecure Components
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
The design and implementation of Guaraná
COOTS'99 Proceedings of the 5th conference on USENIX Conference on Object-Oriented Technologies & Systems - Volume 5
Automatic program transformation with JOIE
ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
A Simple Security-Aware MOP for Java
REFLECTION '01 Proceedings of the Third International Conference on Metalevel Architectures and Separation of Crosscutting Concerns
A security framework for reflective Java applications
Software—Practice & Experience
Partial behavioral reflection: spatial and temporal selection of reification
OOPSLA '03 Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Reflecting on aspect-oriented programming, metaprogramming, and adaptive distributed monitoring
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
| Hi-index | 0.00 |
This article investigates the security issues raised by the use of meta-programming systems with Java. For each possible type of MOP (compile-time, load-time, etc.), we study the permissions required for both the base and the meta-level protection domains, taking into account the flowof control between the different parts of the application.We showtha t the choice of a particular MOP architecture has a strong impact on security issues. Assuming a component-based architecture with code from various origins having different levels of trust, we establish a set of rules for combining the permissions associated with each protection domain (integration, base-level, meta-level, etc.).