Abstract
The Java execution environment includes several security mechanisms. They are found in the language itself, in the class loader, in the class verifier and in the sandbox in which bytecode is executed. The sandbox isolates the executed bytecode from the host on which the Java Virtual Machine (JVM) is executed. The security policy enforced by the sandbox can be configured depending on who runs a program and the origin of the program and offers fine-grained mechanisms to control resource access. However the security policy language offers no higher-level paradigms, such as the abstraction of users into roles, to enable the management of Java security policies into large infrastructures. Moreover those policies are static and cannot change depending on the state of the environment into which they are deployed. We propose in this article an approach to use the OrBAC model to configure the sandbox security policy, allowing the use of an implementation-independent policy language which offers facilities to manage large sets of JVMs, enables the expression of dynamic security policies and offers an advanced administration model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kalam, A.A.E., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Miège, Y.D.A., Saurel, C., Trouessin, G.: Organization based access control. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks, Policy 2003 (2003)
Cuppens-Boulahia, N., Cuppens, F., Coma, C.: Multi-granular licences to decentralize security administration. In: First International Workshop on Reliability, Availability, and Security (WRAS), Paris, France (2007)
Samson, F.: Alternative Java Security Policy Model. Phd. thesis, Université Laval (2004)
River, A.: Jini: a network architecture for the construction of distributed systems (2010), http://river.apache.org
Ferrailo, D.F., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST standard for rbac. ACM Transactions on Information and System Security (2001)
Zhang, X., Parisi-Presicce, F., Sandhu, R.: Towards remote policy enforcement for runtime protection of mobile code using trusted computing (2006)
Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proceedings of the 1997 ACM SIGMOD International Conference on Management of Data, SIGMOD 1997, pp. 474–485. ACM, New York (1997)
Dragovic, I.I.B., Crispo, B.: Extending the java virtual machine to enforce fine-grained security policies in mobile devices. In: Proceedings of the Annual Computer Security Applications Conference, ACSAC (2007)
Ribeiro, C., Zúquete, A., Ferreira, P., Guedes, P.: Spl: An access control language for security policies with complex constraints. In: Proceedings of the Network and Distributed System Security Symposium, pp. 89–107 (1999)
Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miège, A.: A formal approach to specify and deploy a network security policy. In: Second Workshop on Formal Aspects in Security and Trust, FAST (2004)
Wheeler, D., Conyers, A., Luo, J., Xiong, A.: Java security extensions for a java server in a hostile environment. In: Proceedings of the 17th Annual Computer Security Applications Conference, ACSAC 2001, p. 64. IEEE Computer Society, Washington, DC (2001)
Ullman, J.D.: Principles of database and knowledge-base systems. Computer Science Press (1989)
Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. International Journal of Information Security (IJIS) 7(4) (August 2008)
Autrel, F., Cuppens, F., Cuppens-Boulahia, N., Coma, C.: Motorbac 2: a security policy tool. In: Third Joint Conference on Security in Networks Architectures and Security of Information Systems, SARSSI (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Autrel, F., Cuppens-Boulahia, N., Cuppens, F. (2013). Enabling Dynamic Security Policy in the Java Security Manager. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds) Foundations and Practice of Security. FPS 2012. Lecture Notes in Computer Science, vol 7743. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37119-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-642-37119-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37118-9
Online ISBN: 978-3-642-37119-6
eBook Packages: Computer ScienceComputer Science (R0)