Abstract
The Java language has become very popular in the last few years. Due to its portability, Java applications are adopted in distributed environments, where heterogeneous resources cooperate. In this context, security is a fundamental issue, because each resource could execute applications that have been developed by possibly unknown third parties.
This paper recalls several solutions for improving the native Java security support. In particular, it discusses an approach for history-based access control of Java applications. This paper also describes the application of this solution to two common use cases: grid computing and mobile devices (such as mobile phones or PDAs).
Work partially supported by EU-funded projects Trust and Security for Next Generation Grids, GridTrust, IST-033817, Security of Software and Services for Mobile Systems, S3MS, IST-27004, and ARTIST2 Network of Excellence, IST-004527.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Martinelli, F., Mori, P. (2007). Enhancing Java Security with History Based Access Control. In: Aldini, A., Gorrieri, R. (eds) Foundations of Security Analysis and Design IV. FOSAD FOSAD 2007 2006. Lecture Notes in Computer Science, vol 4677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74810-6_5
DOI: https://doi.org/10.1007/978-3-540-74810-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74809-0
Online ISBN: 978-3-540-74810-6
eBook Packages: Computer Science, Computer Science (R0)