Skip to main content

Enhancing Java Security with History Based Access Control

  • Conference paper
Foundations of Security Analysis and Design IV (FOSAD 2007, FOSAD 2006)

Abstract

Java language has become very popular in the last few years. Due to its portability, Java applications are adopted in distributed environment, where heterogeneous resources cooperate. In this context, security is a fundamental issue, because each resource could execute applications that have been developed by possibly unknown third parties.

This paper recalls several solutions for improving the Java native security support. In particular, it discusses an approach for history based access control of Java applications. This paper also describes the application of this solution to two common use cases: grid computing and mobile devices (such as mobile phones or PDAs).

Work partially supported by EU-funded projects Trust and Security for Next Generation Grids, GridTrust, IST-033817, Security of Software and Services for Mobile Systems, S3MS, IST-27004, and ARTIST2 Network of Excellence, IST-004527.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Alpern, B., Attanasio, C.R., Barton, J.J., et al.: The jalapeño virtual machine. IBM System Journal 39(1) (2000)

    Google Scholar 

  2. Anderson, A.: Java access control mechanisms. Technical report, Sun Microsystems (2002)

    Google Scholar 

  3. Baiardi, F., Martinelli, F., Mori, P., Vaccarelli, A.: Improving grid service security with fine grain policies. In: Meersman, R., Tari, Z., Corsaro, A. (eds.) On the Move to Meaningful Internet Systems 2004: OTM 2004 Workshops. LNCS, vol. 3292, pp. 123–134. Springer, Heidelberg (2004)

    Google Scholar 

  4. Baker, M., Buyya, R., Laforenza, D.: Grids and grid technologies for wide-area distributed computing. International Journal of Software: Practice and Experience 32(15), 1437–1466 (2002)

    Article  MATH  Google Scholar 

  5. Bauer, L., Ligatti, J., Walker, D.: Composing security policies with polymer. In: PLDI ’05: Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation, pp. 305–314. ACM Press, New York (2005)

    Chapter  Google Scholar 

  6. Chadwick, D.W., Otenko, O.: The permis x.509 role based privilege management infrastructure. In: Proceedings of the 7th ACM symposium on Access control models and technologies (SACMAT 2002), pp. 135–140. ACM Press, New York (2002)

    Chapter  Google Scholar 

  7. Chadwick, D.W., Otenko, S., Welch, V.: Using SAML to Link the GLOBUS Toolkit to the PERMIS Authorisation Infrastructure. In: Proceedings of Eighth Annual IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (September 2004)

    Google Scholar 

  8. Chapin, S.J., Katramatos, D., Karpovich, J., Grimshaw, A.: Resource management in Legion. Future Generation Computer Systems 15(5-6), 583–594 (1999)

    Article  Google Scholar 

  9. Ciaschini, V., Gorrieri, R.: Contrasting malicious java applets by modifying the java virtual machine. In: 19th Int.l Information Security Conference (SEC 2004), pp. 47–64. Kluwer, Dordrecht (2004)

    Google Scholar 

  10. Colby, C., Lee, P., Necula, G.C., Blau, F., Plesko, M., Cline, K.: A certifying compiler for Java. ACM SIGPLAN Notices 35(5), 95–107 (2000)

    Article  Google Scholar 

  11. Damianou, N., Dulay, N., Lupu, E., Sloan, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–39. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  12. Eckmann, S., Vigna, G., Kemmerer, R.: Statl: An attack language for state-based intrusion detection. Journal of Computer Security 10(1/2), 71–104 (2002)

    Google Scholar 

  13. Erlingsson, U.: The inlined reference monitor approach to security policy enforcement. PhD thesis, Cornell University, Adviser-Fred B. Schneider (2004)

    Google Scholar 

  14. Erlingsson, U., Schneider, F.B.: IRM enforcement of Java stack inspection. In: IEEE Symposium on Security and Privacy, pp. 246–255 (2000)

    Google Scholar 

  15. Erlingsson, U., Schneider, F.B.: SASI enforcement of security policies: A retrospective. In: WNSP: New Security Paradigms Workshop, ACM Press, New York (2000)

    Google Scholar 

  16. Evans, D., Twyman, A.: Flexible policy-directed code safety. In: IEEE Symposium on Security and Privacy, pp. 32–45 (1999)

    Google Scholar 

  17. Foster, I.: Globus toolkit version 4: Software for service-oriented systems. In: Jin, H., Reed, D., Jiang, W. (eds.) NPC 2005. LNCS, vol. 3779, pp. 2–13. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  18. Foster, I., Kesselman, C.: The globus project: A status report. In: Proceedings of IPPS/SPDP 1998 Heterogeneous Computing Workshop, pp. 4–18 (1998)

    Google Scholar 

  19. Foster, I., Kesselman, C., Nick, J.M., Tuecke, S.: The physiology of the grid: An open grid service architecture for distributed system integration. Globus Project (2002), http://www.globus.org/research/papers/ogsa.pdf

  20. Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: Enabling scalable virtual organizations. International Journal of Supercomputer Applications 15(3), 200–222 (2001)

    Article  Google Scholar 

  21. GCC: the GNU compiler collection, http://gcc.gnu.org/

  22. Gong, L.: Inside Java2 Platform Security, 2nd edn. Addison-Wesley, Reading (1999)

    Google Scholar 

  23. Globus GRAM architecture, http://www-unix.globus.org/developer/gram-architecture.html

  24. Grimm, R., Bershad, B.N.: Separating access control policy, enforcement, and functionality in extensible systems. ACM Transactions on Computer Systems 19(1), 36–70 (2001)

    Article  Google Scholar 

  25. JSR 118 Expert Group: Security for GSM/UMTS compliant devices recommended practice. addendum to the mobile information device profile. Technical report, Java Community Process (November 2002), http://www.jcp.org/aboutJava/communityprocess/maintenance/jsr118/

  26. JSR 120 Expert Group: Wireless messaging api (wma) for Java 2 micro edn. Technical Report JSR 120, Java Community Process (2003), http://jcp.org/aboutJava/communityprocess/final/jsr120/

  27. JSR 205 Expert Group: Wireless messaging api 2.0 (wma) for Java 2 micro edn. Technical Report JSR 205, Java Community Process (2004), http://jcp.org/aboutJava/communityprocess/final/jsr205/

  28. Hoare, C.A.R.: Communicating sequential processes. Commun. ACM 21(8), 666–677 (1978)

    Article  MATH  MathSciNet  Google Scholar 

  29. Humphrey, M., Thompson, M.R., Jackson, K.R.: Security for grids. Proceedings of the IEEE 93(3), 644–652 (2005)

    Article  Google Scholar 

  30. Sun Microsystems Inc. Mobile Information Device Profile for Java 2 micro edn. Technical Report JSR 118, Java Community Process (November 2002), http://jcp.org/aboutJava/communityprocess/final/jsr118/index.html

  31. Sun Microsystems Inc. The Connected Limited Device Configuration specification. Technical Report JSR 139, Java Community Process (March 2003), http://jcp.org/aboutJava/communityprocess/final/jsr139/

  32. Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 31–42. IEEE Press, Los Alamitos (1997)

    Google Scholar 

  33. Gosling, J., Joy, B., Steele, G., Bracha, G.: The Java Language Specification. Sun Microsystems (2000)

    Google Scholar 

  34. Keahey, K., Welch, V.: Fine-grain authorization for resource management in the grid environment. In: Parashar, M. (ed.) GRID 2002. LNCS, vol. 2536, pp. 199–206. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  35. Koshutanski, H., Martinelli, F., Mori, P., Vaccarelli, A.: Fine-grained and history-based access control with trust management for autonomic grid services. In: Proceedings of the 2nd International Conference on Autonomic and Autonomous Systems (ICAS 2006), IEEE Computer Society, Los Alamitos (2006)

    Google Scholar 

  36. Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security 4(1-2), 2–16 (2005)

    Article  Google Scholar 

  37. Lindholm, T., Yellin, F.: The Java Virtual Machine Specification. Sun Microsystems (1999)

    Google Scholar 

  38. Martinelli, F.: Analysis of security protocols as open systems. Journal of Computer Security 290(1), 1057–1106 (2003)

    MATH  MathSciNet  Google Scholar 

  39. Martinelli, F.: Towards an integrated formal analysis for security and trust. In: Steffen, M., Zavattaro, G. (eds.) FMOODS 2005. LNCS, vol. 3535, pp. 115–130. Springer, Heidelberg (2005)

    Google Scholar 

  40. Martinelli, F., Mori, P., Vaccarelli, A.: Towards continuous usage control on grid computational services. In: Proceedings of Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services (ICAS-ICNS 2005), p. 82. IEEE Computer Society, Los Alamitos (2005)

    Chapter  Google Scholar 

  41. Nagaratnam, N., Janson, P., Dayka, J., Nadalin, A., Siebenlist, F., Welch, V., Foster, I., Tuecke, S.: Security architecture for open grid services. In: GGF OGSA Security Working Group (2003)

    Google Scholar 

  42. Necula, G.C.: Proof-carrying code. In: Conference Record of POPL 1997: The 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 106–119 (1997)

    Google Scholar 

  43. Necula, G.C., Lee, P.: The design and implementation of a certifying compiler. In: Proceedings of the 1998 ACM SIGPLAN Conference on Prgramming Language Design and Implementation (PLDI), pp. 333–344 (1998)

    Google Scholar 

  44. Pandey, R., Hashii, B.: Providing fine-grained access control for Java programs via binary editing. Concurrency: Practice and Experience 12(14), 1405–1430 (2000)

    Article  MATH  Google Scholar 

  45. Ryan, P., Schneider, S., Goldsmith, M., Lowe, G.: The modelling and analysis of security protocols: the CSP approach. Addison-Wesley, Reading (2000)

    Google Scholar 

  46. Soman, S., Krintz, C., Vigna, G.: Detecting malicious java code using virtual machine auditing. In: 12th USENIX Security Symposium (2003)

    Google Scholar 

  47. Spencer, B., Finholt, T.A., Foster, I., Kesselman, C., Beldica, C., Futrelle, J., Gullapalli, S., Hubbard, P., Liming, L., Marcusiu, D., Pearlman, L., Severance, C., Yang, G.: Neesgrid: A distributed collaboratory for advanced earthquake engineering experiment and simulation. In: 13th World Conference on Earthquake Engineering (2004)

    Google Scholar 

  48. http://java.sun.com/javame/downloads/index.jsp

  49. Thompson, M.R., Essiari, A., Keahey, K., Welch, V., Lang, S., Liu, B.: Fine-grained authorization for job and resource management using akenti and the globus toolkit. In: Proceedings of Computing in High Energy and Nuclear Physics (2003)

    Google Scholar 

  50. Vigna, G., Eckmann, S., Kemmerer, R.: The stat tool suite. In: DISCEX 2000, Hilton Head, South Carolina, IEEE Computer Society Press, Los Alamitos (2000)

    Google Scholar 

  51. Wallach, D.S.: A New Approach to Mobile Code Security. PhD thesis, Princeton University, New Jersey (1999)

    Google Scholar 

  52. Wallach, D.S., Balfanz, D., Dean, D., Felten, E.W.: Extensible security architectures for Java. In: 16th Symposium on Operating Systems Principles, pp. 116–128 (1997)

    Google Scholar 

  53. Wallach, D.S., Felten, E.W.: Undestanding java stack inspection. In: IEEE Symposium on Security and Privacy, IEEE Computer Society, Los Alamitos (1998)

    Google Scholar 

  54. Welch, V., Siebenlist, F., Foster, I., Bresnahan, J., Czajkowski, K., Gawor, J., Kesselman, C., Meder, S., Pearlman, L., Tuecke, S.: Security for grid services. In: 12th IEEE International Symp. on High Performance Distributed Computing (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Alessandro Aldini Roberto Gorrieri

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Martinelli, F., Mori, P. (2007). Enhancing Java Security with History Based Access Control. In: Aldini, A., Gorrieri, R. (eds) Foundations of Security Analysis and Design IV. FOSAD FOSAD 2007 2006. Lecture Notes in Computer Science, vol 4677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74810-6_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74810-6_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74809-0

  • Online ISBN: 978-3-540-74810-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics