A protection scheme for mobile agents on Java
MobiCom '97 Proceedings of the 3rd annual ACM/IEEE international conference on Mobile computing and networking
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
A note on the confinement problem
Communications of the ACM
Java Security: Present and Near Future
IEEE Micro
IEEE Internet Computing
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Fine-Grained Control of Java Applets Using a Simple Constraint Language
Fine-Grained Control of Java Applets Using a Simple Constraint Language
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Role-based access control in Java
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
History-based access control for mobile code
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Role-based access control on the Web using Java
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
A secure execution framework for Java
Proceedings of the 7th ACM conference on Computer and communications security
History-based access control for mobile code
Secure Internet programming
MAPbox: using parameterized behavior classes to confine untrusted applications
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
| Hi-index | 0.00 |
The popularity of the web has had several significant impacts, two of note here: (1) increasing sophistication of web pages, including more regular use of Java and other mobile code, and (2) decreasing average level of sophistication as the user population becomes more broad-based. Coupling these with the increased security threats posed by importing more and more mobile code has caused an emphasis on the security of executing Java applets. This paper considers two significant enhancements that will provide users with both a richer and more effective security model. The two enhancements are the provision of flexible and configurable security constraints and the ability to confine use of certain storage channels, as defined by Lampson[11], to within those constraints. We are particularly concerned with applets using files as communications channels contrary to desired security constraints. We present the mechanisms, a discussion of the implementation, and a summary of some performance comparisons. It is important to note that the ideas presented here are more generally applicable than only to the particular storage channels discussed or even only to Java.