Skip to main content
SpringerLink
Log in

Enabling Dynamic Security Policy in the Java Security Manager

  • Conference paper
Book cover Foundations and Practice of Security (FPS 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7743))

Included in the following conference series:

  • 1258 Accesses

Abstract

The Java execution environment includes several security mechanisms. They are found in the language itself, in the class loader, in the class verifier and in the sandbox in which bytecode is executed. The sandbox isolates the executed bytecode from the host on which the Java Virtual Machine (JVM) is executed. The security policy enforced by the sandbox can be configured depending on who runs a program and the origin of the program and offers fine-grained mechanisms to control resource access. However the security policy language offers no higher-level paradigms, such as the abstraction of users into roles, to enable the management of Java security policies into large infrastructures. Moreover those policies are static and cannot change depending on the state of the environment into which they are deployed. We propose in this article an approach to use the OrBAC model to configure the sandbox security policy, allowing the use of an implementation-independent policy language which offers facilities to manage large sets of JVMs, enables the expression of dynamic security policies and offers an advanced administration model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Kalam, A.A.E., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Miège, Y.D.A., Saurel, C., Trouessin, G.: Organization based access control. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks, Policy 2003 (2003)

    Google Scholar 

  2. Cuppens-Boulahia, N., Cuppens, F., Coma, C.: Multi-granular licences to decentralize security administration. In: First International Workshop on Reliability, Availability, and Security (WRAS), Paris, France (2007)

    Google Scholar 

  3. Samson, F.: Alternative Java Security Policy Model. Phd. thesis, Université Laval (2004)

    Google Scholar 

  4. River, A.: Jini: a network architecture for the construction of distributed systems (2010), http://river.apache.org

  5. Ferrailo, D.F., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST standard for rbac. ACM Transactions on Information and System Security (2001)

    Google Scholar 

  6. Zhang, X., Parisi-Presicce, F., Sandhu, R.: Towards remote policy enforcement for runtime protection of mobile code using trusted computing (2006)

    Google Scholar 

  7. Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proceedings of the 1997 ACM SIGMOD International Conference on Management of Data, SIGMOD 1997, pp. 474–485. ACM, New York (1997)

    Chapter  Google Scholar 

  8. Dragovic, I.I.B., Crispo, B.: Extending the java virtual machine to enforce fine-grained security policies in mobile devices. In: Proceedings of the Annual Computer Security Applications Conference, ACSAC (2007)

    Google Scholar 

  9. Ribeiro, C., Zúquete, A., Ferreira, P., Guedes, P.: Spl: An access control language for security policies with complex constraints. In: Proceedings of the Network and Distributed System Security Symposium, pp. 89–107 (1999)

    Google Scholar 

  10. Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miège, A.: A formal approach to specify and deploy a network security policy. In: Second Workshop on Formal Aspects in Security and Trust, FAST (2004)

    Google Scholar 

  11. Wheeler, D., Conyers, A., Luo, J., Xiong, A.: Java security extensions for a java server in a hostile environment. In: Proceedings of the 17th Annual Computer Security Applications Conference, ACSAC 2001, p. 64. IEEE Computer Society, Washington, DC (2001)

    Google Scholar 

  12. Ullman, J.D.: Principles of database and knowledge-base systems. Computer Science Press (1989)

    Google Scholar 

  13. Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. International Journal of Information Security (IJIS) 7(4) (August 2008)

    Google Scholar 

  14. Autrel, F., Cuppens, F., Cuppens-Boulahia, N., Coma, C.: Motorbac 2: a security policy tool. In: Third Joint Conference on Security in Networks Architectures and Security of Information Systems, SARSSI (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Telecom-Bretagne, 35576, Cesson Sévigné, France

    Fabien Autrel, Nora Cuppens-Boulahia & Frédéric Cuppens

Authors
  1. Fabien Autrel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nora Cuppens-Boulahia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Frédéric Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. TELECOM SudParis, 9 rue Charles Fourier, 91011, Evry, CEDEX, France

    Joaquin Garcia-Alfaro

  2. TELECOM Bretagne, 2 rue de la Châtaigneraie, 35512, Cesson Sévigné, CEDEX, France

    Frédéric Cuppens  & Nora Cuppens-Boulahia  & 

  3. Ryerson University, 245 Church Street, M5B 2K3, Toronto, ON, Canada

    Ali Miri

  4. Université Laval, 1065 avenue de la médecine, G1V 0A6, Quebec, Canada

    Nadia Tawbi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Autrel, F., Cuppens-Boulahia, N., Cuppens, F. (2013). Enabling Dynamic Security Policy in the Java Security Manager. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds) Foundations and Practice of Security. FPS 2012. Lecture Notes in Computer Science, vol 7743. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37119-6_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37119-6_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37118-9

  • Online ISBN: 978-3-642-37119-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation