Adaptive data protection in distributed systems
Proceedings of the third ACM conference on Data and application security and privacy
Enabling dynamic security policy in the java security manager
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
| Hi-index | 0.00 |
The Java (TM) Virtual Machine is being used morefrequently as the basic engine behind dynamic webservices. With the proliferation of network attacks onthese network resources, much work has been done toprovide security for the network environment. Continuingwork on firewalls, intrusion detection, and even accesscontrol have provided numerous insights and capabilitiesfor protecting web resources. Java itself has receivedmuch attention in the security arena, and the Java 2(TM)Architecture has provided considerable in-roads toproviding security services. However, this research hasoperated under the assumption that attacks only occurthrough the network, and not with direct access to theweb server through a valid login. Little effort has beenplaced on securing a Java web server where the attackerhas a valid login to the host machine. This paperdescribes specific security extensions developed for aJava Virtual Machine that provide assurance of correctsystem operation and integrity even in the presence ofsuccessful attacks on the underlying operating system.