Concepts and experiments in computational reflection
OOPSLA '87 Conference proceedings on Object-oriented programming systems, languages and applications
The art of metaobject protocol
The art of metaobject protocol
Proceedings of the tenth annual conference on Object-oriented programming systems, languages, and applications
Approach to object security in distributed SOM
IBM Systems Journal
Meta objects for access control: extending capability-based security
NSPW '97 Proceedings of the 1997 workshop on New security paradigms
JRes: a resource accounting interface for Java
Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Securing Java: getting down to business with mobile code
Securing Java: getting down to business with mobile code
Meta objects for access control: a formal model for role-based principals
Proceedings of the 1998 workshop on New security paradigms
ACM Transactions on Information and System Security (TISSEC)
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation
Integrating Independently-Developed Components in Object-Oriented Languages
ECOOP '93 Proceedings of the 7th European Conference on Object-Oriented Programming
Reflection for Statically Typed Languages
ECCOP '98 Proceedings of the 12th European Conference on Object-Oriented Programming
Aspects of Exceptions at the Meta-level
REFLECTION '01 Proceedings of the Third International Conference on Metalevel Architectures and Separation of Crosscutting Concerns
Supporting Real World Security Models in Java
FTDCS '99 Proceedings of the 7th IEEE Workshop on Future Trends of Distributed Computing Systems
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Kava - using byte code rewriting to add behavioural reflection to Java
COOTS'01 Proceedings of the 6th conference on USENIX Conference on Object-Oriented Technologies and Systems - Volume 6
Coping with denial of service due to malicious Java applets
Computer Communications
Policy-driven reflective enforcement of security policies
Proceedings of the 2006 ACM symposium on Applied computing
Efficient IRM enforcement of history-based access control policies
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Isolating untrusted software extensions by custom scoping rules
Computer Languages, Systems and Structures
Hi-index | 0.01 |
Securing application resources or defining finer-gained access control for system resources using the Java security architecture requires manual changes to source code. This is error-prone and cannot be done if only compiled code is present. We show how behavioural reflection can be used to enforce security policies on compiled code. Other authors have implemented code rewriting toolkits that achieve the same effect but they either require policies to be expressed in terms of low level abstractions or require the use of new high level policy languages. Our approach allows reuseable policies to be implemented as metaobjects in a high level objecl oriented language (Java), and then bound to application objects at loadtime. The binding between metaobjects and objects is implemented through bytecode rewriting under the control of a declarative binding specification. We have implemented this approach using Kava which is a portable reflective Java implementation. Kava allows customisation of a rich range of runtime behaviour. and provides a non-bypassable meta level suitable for implementing security enforcement. We discuss how we have used Kava to show how to secure a third-party application, how we prevent Kava being bypassed, and compare its performance with non-reflective security enforcement.