Affiliation:
1. Carnegie Mellon University, Pittsburgh, PA
2. Princeton University, Princeton, NJ
Abstract
We introduce a language and system that supports the definition and composition of complex run-time security policies for Java applications. Our policies consist of two sorts of methods. The first is query methods, which are called whenever an untrusted application tries to execute a security-sensitive action. A query method returns a suggestion indicating how the security-sensitive action should be handled. The second sort of methods are those that perform state updates as the policy's suggestions are followed. The structure of our policies facilitates composition, as policies can query other policies for suggestions. In order to give programmers control over policy composition, we have designed the system so that policies, suggestions, and application events are all first-class objects that a higher-order policy may manipulate. We show how to use these programming features by developing a library of policy combinators. Our system is fully implemented, and we have defined a formal semantics for an idealized subset of the language containing all of the key features. We demonstrate the effectiveness of our system by implementing a large-scale security policy for an email client.
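As an added illustration (not the paper's own code or API; the class names, the three-valued suggestion set and the event trace are assumptions), a Java sketch of the policy shape the abstract describes: query methods that return a suggestion, state updates applied only once a suggestion is followed, and a higher-order conjunction combinator that composes two policies.

```java
// A security-sensitive action intercepted at run time (constructed sketch, not the paper's API).
record Action(String method, String target) {}
// Suggestions ordered from least to most restrictive (assumed set).
enum Suggestion { IRRELEVANT, OK, HALT }
// A policy pairs a query method with a state-update method; accept() runs only
// when a suggestion is actually followed, so policy state tracks what happened.
abstract class Policy { abstract Suggestion query(Action a); void accept(Action a, Suggestion s) {} }
// Stateful policy: once any file has been read, halt further network connects.
class NoNetAfterFileRead extends Policy {
    private boolean fileRead = false;
    Suggestion query(Action a) {
        if (a.method().equals("FileInputStream.read")) return Suggestion.OK;
        if (a.method().equals("Socket.connect")) return fileRead ? Suggestion.HALT : Suggestion.OK;
        return Suggestion.IRRELEVANT;
    }
    void accept(Action a, Suggestion s) {
        if (s == Suggestion.OK && a.method().equals("FileInputStream.read")) fileRead = true;
    }
}
// Stateless policy: connects are allowed only to the mail server's IMAPS port.
class OnlyMailServer extends Policy {
    Suggestion query(Action a) {
        if (!a.method().equals("Socket.connect")) return Suggestion.IRRELEVANT;
        return a.target().equals("mail.example.org:993") ? Suggestion.OK : Suggestion.HALT;
    }
}
// Higher-order policy (combinator): the most restrictive suggestion among the
// parts wins, and every part sees the update for the suggestion that was followed.
class Conjunction extends Policy {
    private final java.util.List<Policy> parts;
    Conjunction(Policy... ps) { parts = java.util.List.of(ps); }
    Suggestion query(Action a) {
        return parts.stream().map(p -> p.query(a)).max(Suggestion::compareTo).orElse(Suggestion.IRRELEVANT);
    }
    void accept(Action a, Suggestion s) { parts.forEach(p -> p.accept(a, s)); }
}
public class PolicyDemo {
    public static void main(String[] args) {
        Policy top = new Conjunction(new NoNetAfterFileRead(), new OnlyMailServer());
        Action[] trace = {  // constructed event trace: connect, stray connect, file read, connect
            new Action("Socket.connect", "mail.example.org:993"), new Action("Socket.connect", "other.example.net:80"),
            new Action("FileInputStream.read", "/home/u/inbox"), new Action("Socket.connect", "mail.example.org:993") };
        for (Action a : trace) {
            Suggestion s = top.query(a);
            top.accept(a, s);  // enforcement follows the suggestion, then every part updates its state
            System.out.println(a.method() + " " + a.target() + " -> " + s);
        }
    }
}
```

Requires Java 16 or later for the record type; the last connect is halted only because the file read before it was followed, which is the state-update half of the design.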
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Cited by 26 articles.