Existing approaches for mobile code security tend to take a conservative view that mobile code is inherently risky, and hence focus on confining it. Such confinement is usually achieved using access control policies that restrict mobile code from taking any action that can potentially be used to harm the host system. While such policies can be helpful in keeping "bad applets" in check, they preclude a large number of useful applets. We therefore take an alternative view of mobile code security, one that is focused on empowering mobile code rather than disabling it. We propose an approach wherein highly expressive security policies provide the basis for such empowerment, while greatly mitigating the risks posed to the host system by such code. Our policies are represented as extended finite state automata (a generalization of finite-state automata that permits the use of variables), which allow these policies to be enforced efficiently. We have built a prototype implementation of our approach for Java. Our implementation is based on rewriting Java bytecode so that security-relevant events are intercepted and forwarded to the policy enforcement automata before they are executed. Early experimental results indicate that such expressive, enabling policies can be supported with low overheads.
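The enforcement idea in the abstract, modelled as an added Python example (not the paper's Java prototype): an extended finite state automaton with one variable sees each security-relevant event before the operation runs. The policy, event names, `SANDBOX` path, `QUOTA` and the `guarded` wrapper standing in for a rewritten call site are all assumptions made for illustration.

```python
# Added illustration: a minimal extended finite state automaton (EFSA) monitor.
# Policy, event names, paths and quota are constructed, not taken from the paper.
import posixpath
from dataclasses import dataclass, field

SANDBOX = "/tmp/applet/"  # hypothetical applet-owned directory
QUOTA = 1024              # hypothetical write quota in bytes

class PolicyViolation(Exception):
    """Raised before a denied operation would run."""

@dataclass
class Efsa:
    state: str = "clean"                                        # control state
    vars: dict = field(default_factory=lambda: {"written": 0})  # EFSA variables
    transitions: list = field(default_factory=list)

    def on(self, state, event, guard, update, target):
        self.transitions.append((state, event, guard, update, target))

    def check(self, event, **args):
        """Take the first enabled transition; none enabled means deny."""
        for state, ev, guard, update, target in self.transitions:
            if state == self.state and ev == event and guard(self.vars, args):
                update(self.vars, args)
                self.state = target
                return
        raise PolicyViolation(f"{event} {args} denied in state {self.state!r}")

def private(path):
    # Normalise first so "../" cannot disguise a path outside the sandbox.
    return not posixpath.normpath(path).startswith(SANDBOX)

def bump(v, a):
    v["written"] += a["nbytes"]

def make_policy():
    """Reads are always allowed, but a private read forbids later sends."""
    m = Efsa()
    for s in ("clean", "tainted"):
        m.on(s, "read", lambda v, a: not private(a["path"]), lambda v, a: None, s)
        m.on(s, "read", lambda v, a: private(a["path"]), lambda v, a: None, "tainted")
        m.on(s, "write", lambda v, a: not private(a["path"])
             and v["written"] + a["nbytes"] <= QUOTA, bump, s)
    m.on("clean", "send", lambda v, a: True, lambda v, a: None, "clean")
    return m

def guarded(monitor, event, operation, **args):
    """Stand-in for a rewritten call site: consult the monitor, then run."""
    monitor.check(event, **args)
    return operation()
```

Unlike a blanket "no network" or "no file access" rule, this policy lets an applet do both; only the sequence private read followed by send, or writes past the quota, is refused.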