
Providing Fine-Grained Access Control for Java Programs

  • Conference paper
ECOOP’ 99 — Object-Oriented Programming (ECOOP 1999)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1628)

Abstract

There is considerable interest in programs that can migrate from one host to another and execute. Mobile programs are appealing because they support efficient utilization of network resources and extensibility of information servers. However, since they cross administrative domains, they have the ability to access and possibly misuse a host’s protected resources. In this paper, we present a novel approach for controlling and protecting a site’s resources. In this approach, a site uses a declarative policy language to specify a set of constraints on accesses to resources. A set of code transformation tools enforces these constraints on mobile programs by integrating the access constraint checking code directly into the mobile program and resource definitions. Because our approach does not require resources to make explicit calls to a reference monitor, it does not depend upon a specific runtime system implementation.

This work is supported by the Defense Advanced Research Project Agency (DARPA) and Rome Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-97-1-0221. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Defense Advanced Research Project Agency (DARPA), Rome Laboratory, or the U.S. Government.




Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pandey, R., Hashii, B. (1999). Providing Fine-Grained Access Control for Java Programs. In: Guerraoui, R. (eds) ECOOP’ 99 — Object-Oriented Programming. ECOOP 1999. Lecture Notes in Computer Science, vol 1628. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48743-3_21


  • DOI: https://doi.org/10.1007/3-540-48743-3_21


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66156-6

  • Online ISBN: 978-3-540-48743-2

  • eBook Packages: Springer Book Archive
