|
 ABSTRACT
We introduce a language and system that supports definition and composition of complex run-time security policies for Java applications. Our policies are comprised of two sorts of methods. The first is query methods that are called whenever an untrusted application tries to execute a security-sensitive action. A query method returns a suggestion indicating how the security-sensitive action should be handled. The second sort of methods are those that perform state updates as the policy's suggestions are followed.The structure of our policies facilitates composition, as policies can query other policies for suggestions. In order to give programmers control over policy composition, we have designed the system so that policies, suggestions, and application events are all first-class objects that a higher-order policy may manipulate. We show how to use these programming features by developing a library of policy combinators.Our system is fully implemented, and we have defined a formal semantics for an idealized subset of the language containing all of the key features. We demonstrate the effectiveness of our system by implementing a large-scale security policy for an email client.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
M. Abadi and C. Fournet. Access control based on execution history. In 10th Annual Network and Distributed System Security Symposium, 2003.
|
 |
2
|
Ole Agesen , Stephen N. Freund , John C. Mitchell, Adding type parameterization to the Java language, Proceedings of the 12th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, p.49-65, October 05-09, 1997, Atlanta, Georgia, United States
|
| |
3
|
Apache Software Foundation. Byte Code Engineering Library, 2003. http://jakarta.apache.org/bcel/.
|
| |
4
|
|
| |
5
|
L. Bauer, J. Ligatti, and D. Walker. A language and system for composing security policies. Technical Report TR-699-04, Princeton University, Jan. 2004.
|
| |
6
|
|
| |
7
|
|
| |
8
|
D. Evans and A. Twyman. Flexible policy-directed code safety. In IEEE Security and Privacy, Oakland, CA, May 1999.
|
| |
9
|
|
| |
10
|
Gregor Kiczales , Erik Hilsdale , Jim Hugunin , Mik Kersten , Jeffrey Palm , William G. Griswold, An Overview of AspectJ, Proceedings of the 15th European Conference on Object-Oriented Programming, p.327-353, June 18-22, 2001
|
| |
11
|
M. Kim, M. Viswanathan, H. Ben-Abdallah, S. Kannan, I. Lee, and O. Sokolsky. Formally specified monitoring of temporal properties. In European Conference on Real-time Systems, York, UK, June 1999.
|
| |
12
|
I. Lee, S. Kannan, M. Kim, O. Sokolsky, and M. Viswanathan. Run-time assurance based on formal specifications. In International Conference on Parallel and Distributed Processing Techniques and Applications, Las Vegas, NV, June 1999.
|
| |
13
|
J. Ligatti, L. Bauer, and D. Walker. Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security, 4(1--2):2--16, Feb. 2005.
|
| |
14
|
|
| |
15
|
E. Meijer and J. Gough. A technical overview of the Common Language Infrastructure. http://research.microsoft.com/~emeijer/Papers/CLR.pdf.
|
| |
16
|
A. Petersen. Pooka: A Java email client, 2003. http://www.suberic.net/pooka/.
|
| |
17
|
J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. In IEEE 63, 9, pages 1278--1308, Sept. 1975.
|
| |
18
|
|
| |
19
|
|
| |
20
|
|
CITED BY 26
|
|
|
|
|
|
|
|
Lieven Desmet , Wouter Joosen , Fabio Massacci , Katsiaryna Naliuka , Pieter Philippaerts , Frank Piessens , Dries Vanoverberghe, A flexible security architecture to support third-party applications on mobile devices, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Lieven Desmet , Wouter Joosen , Fabio Massacci , Pieter Philippaerts , Frank Piessens , Ida Siahaan , Dries Vanoverberghe, Security-by-contract on the .NET platform, Information Security Tech. Report, v.13 n.1, p.25-32, January, 2008
|
|
|
Anderson Santana de Oliveira , Eric Ke Wang , Claude Kirchner , Helene Kirchner, Weaving rewrite-based access control policies, Proceedings of the 2007 ACM workshop on Formal methods in security engineering, p.71-80, November 02-02, 2007, Fairfax, Virginia, USA
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Phu H. Phung , David Sands , Andrey Chudnov, Lightweight self-protecting JavaScript, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
|
|
|
|
|
|
Chamseddine Talhi , Nadia Tawbi , Mourad Debbabi, Execution monitoring enforcement for limited-memory systems, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
|
|
|
|
|
|
|
|
|
Ninghui Li , Qihua Wang , Wahbeh Qardaji , Elisa Bertino , Prathima Rao , Jorge Lobo , Dan Lin, Access control policy combining: theory meets practice, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
|
|
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
D.3