Reflections on MOP s, Components, and Java Security

  • Denis Caromel
  • Julien Vayssière
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2072)


This article investigates the security issues raised by the use of meta-programming systems with Java. For each possible type of MOP (compile-time, load-time, etc.), we study the permissions required for both the base and the meta-level protection domains, taking into account the flowof control between the different parts of the application. We showtha t the choice of a particular MOP architecture has a strong impact on security issues. Assuming a component-based architecture with code from various origins having different levels of trust, we establish a set of rules for combining the permissions associated with each protection domain (integration, base-level, meta-level, etc.).


Virtual Machine Security Policy Base Class Java Virtual Machine Security Architecture 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Martin Abadi, Michael Burrows, Butler Lampson, and Gordon Plotkin. A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems, 15(4):706–734, September 1993.CrossRefGoogle Scholar
  2. [2]
    M. Ancona, W. Cazzola, and E. B. Fernandez. Reflective authorization systems: Possibilities, benefits, and drawbacks. Lecture Notes in Computer Science, 1603:35–50, 1999.Google Scholar
  3. [3]
    Massimo Ancona, Walter Cazzola, and Eduardo B. Fernandez. A historydependent access control mechanism using reflection. In Proceedings of the 5th ECOOP Workshop on Mobile Object Systems (MOS’99), Lisbon, Portugal, June 1999.Google Scholar
  4. [4]
    Pierre Bieber, Jacques Cazin, Virginie Wiels, Guy Zanon, Pierre Girard, and Jean-Louis Lanet. Electronic purse applet certification: extended abstract. In Steve Schneider and Peter Ryan, editors, Electronic Notes in Theoretical Computer Science, volume 32. Elsevier Science Publishers, 2000.Google Scholar
  5. [5]
    D. Caromel, W. Klauser, and J. Vayssiere. Towards Seamless Computing and Metacomputing in Java. Concurrency Practice and Experience, 10(11-13):1043–1061, November 1998.CrossRefGoogle Scholar
  6. [6]
    Shigeru Chiba. A metaobject protocol for C++. In OOPSLA’ 95 Conference Proceedings: Object-Oriented Programming Systems, Languages, and Applications, pages 285–299. ACM Press, 1995.Google Scholar
  7. [7]
    Shigeru Chiba and Michiaki Tatsubori. Yet another java.lang.class. In ECOOP’98 Workshop on Reflective Object-Oriented Programming and Systems, Brussels, Belgium, July 1998Google Scholar
  8. [8]
    Geoff A. Cohen, Jeffrey S. Chase, and David L. Kaminsky. Automatic program transformation with JOIE. In Proceedings of the USENIX 1998 Annual Technical Conference, pages 167–178, Berkeley, USA, June 15-19 1998. USENIX Association.Google Scholar
  9. [9]
    Josè de Oliveira Guimarães. Reflection for statically typed languages. In Eric Jul, editor, ECOOP’ 98—Object-Oriented Programming, volume 1445 of Lecture Notes in Computer Science, pages 440–461. Springer, 1998.CrossRefGoogle Scholar
  10. [10]
    J. Ferber. Computational reflection in class based object-oriented languages. ACM SIGPLAN Notices, 24(10):317–326, October 1989.CrossRefGoogle Scholar
  11. [11]
    E. Gamma, R. Helm, R. Johnson, and J. Vlissides. Design Patterns: Elements of Reusable Object-oriented Software. Addison Wesley, Reading, 1996.zbMATHGoogle Scholar
  12. [12]
    Li Gong. Secure Java class loading. IEEE Internet Computing, 2(5):56–61, 1998.CrossRefGoogle Scholar
  13. [13]
    Li Gong. Inside Java 2 platform security: architecture, API design, and implementation. Addison-Wesley, Reading, MA, USA, june 1999.Google Scholar
  14. [14]
    J. Gosling, B. Joy, and G. Steele. The Java Language Specification. Addison-Wesley, Reading, USA, 1997.Google Scholar
  15. [15]
    Gregor Kiczales and Jim des Rivieres. The art of the metaobject protocol.,MIT Press, Cambridge, MA, USA, 1991.Google Scholar
  16. [16]
    Juergen Kleinoeder and Michael Golm. Metajava: An efficient run-time meta architecture for java. Techn. Report TR-I4-96-03, Univ. of Erlangen-Nuernberg, IMMD IV, 1996.Google Scholar
  17. [17]
    Tim Lindholm and Frank Yellin. The Java Virtual Machine Specification. Addison-Wesley, Reading, USA, 1997.Google Scholar
  18. [18]
    Gabriella Dodero Massimo Ancona, Walter Cazzola and Vittoria Gianuzzi. Channel reification: A reflective model for distributed computation. In Proceedings of IEEE International Performance Computing, and Communication Conference (IPCCC’98), pages 32–36, Phoenix, Arizona, USA, Feb 1998.Google Scholar
  19. [19]
    Sun Microsystems. The JavaBeans API Specification, July 1997.Google Scholar
  20. [20]
    Sun Microsystems. The Java Core Reflection API, 1998.Google Scholar
  21. [21]
    Andrew C. Myers. JFlow: Practical mostly-static information flow control. In Proceedings of the 26th ACM Symposium on Principles of Programming Languages (POPL), pages 228–241, San Antonio, Texas, Jan 1999.Google Scholar
  22. [22]
    Alexandre Oliva and Luiz Eduardo Buzato. The design and implementation of Guaraná. In Proceedings of the Fifth USENIX Conference on Object-Oriented Technologies and Systems, pages 203–216. The USENIX Association, 1999.Google Scholar
  23. [23]
    Barry Redmond and Vinny Cahill. Iguana/J: Towards a dynamic and efficient reflective architecture for java. In ECOOP 2000 Workshop on Reflection and Metalevel Architectures, June 2000.Google Scholar
  24. [24]
    T. Riechmann and J. Kleinoeder. Meta objects for access control: Role-based principals. In C. Boyd and E. Dawson, editors, Proceeding of the Third Australasian Conference on Information Security and Privacy, number 1438 in Lecture Notes in Computer Science, pages 296–307. Springer, July 1998.Google Scholar
  25. [25]
    Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9), September 1975.Google Scholar
  26. [26]
    Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-based access control models. Computer, 29(2):38–47, February 1996.CrossRefGoogle Scholar
  27. [27]
    Peter Sewell and Jan Vitek. Secure composition of insecure components. In Proceedings of the Computer Security Foundations Workshop, CSFW-12, 1999.Google Scholar
  28. [28]
    Michiaki Tatsubori. An extension mechanism for the Java language. Master’s thesis, Graduate School of Engineering, University of Tsukuba, 1999.Google Scholar
  29. [29]
    I. Welch and R. Stroud. From Dalang to Kava — the evolution of a reflective Java extension. In Pierre Cointe, editor, Proceedings of the second international conference Reflection’99, number 1616 in Lecture Notes in Computer Science, pages 2–21. Springer, July 1999.Google Scholar
  30. [30]
    I. Welch and R. J. Stroud. Using reflection as a mechanism for enforcing security policies in mobile code. In Proceedings of ESORICS’2000, number 1895 in Lecture Notes in Computer Science, pages 309–323, October 2000.Google Scholar
  31. [31]
    Ian Welch and Robert Stroud. Using metaobject protocols to adapt third-party components. Work-in-Progress paper presented at Middleware’98, Lake District England, September 1998.Google Scholar
  32. [32]
    Zhixue Wu and Scarlet Schwiderski. Reflective Java: Making Java even more flexible. Technical report, ANSA, 1997.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Denis Caromel
  • Julien Vayssière

There are no affiliations available

Personalised recommendations