History-based access control for mobile code

In this paper, we present a history-based access-control mechanism that is suitable for mediating accesses from mobile code. The key idea behind history-based access-control is to maintain a selective history of the access requests made by individual programs and to use this history to improve the differentiation between safe and potentially dangerous requests. What a program is allowed to do depends on its own behavior and identity and not the location it was loaded from or the identity of its author/provider. History-based access-control has the potential to significantly expand the set of programs that can be executed without compromising security or ease of use. We describe the design and implementation of Deeds, a history-based access-control mechanism for Java. Access-control policies for Deeds are written in Java, and can be updated while the programs whose accesses are being mediated are still executing.
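The mechanism sketched above, as an added illustration that is not the paper's Deeds code (Deeds itself is written in Java; this is a language-neutral sketch in Python): a monitor keeps a selective per-program history of granted accesses, judges each new request against that history rather than against the program's origin, and lets the policy be swapped while mediated programs keep running. The "one-out-of-two" rule (a program may read local files or open network connections, never both), the stricter follow-on rule, and the program names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, Set


@dataclass(frozen=True)
class Request:
    program: str  # identity of the requester (e.g. a code hash), not its load URL
    kind: str     # access category: "file.read", "file.write", "net.connect", ...
    target: str


class OneOutOfTwo:
    """Assumed policy: a program may read local files or open network
    connections over its lifetime, but never both (guards against leaking
    local data to the network)."""
    watched = {"file.read", "net.connect"}  # the only events worth remembering

    def relevant(self, req: Request) -> bool:
        return req.kind in self.watched

    def allow(self, history: Set[str], req: Request) -> bool:
        if req.kind == "net.connect":
            return "file.read" not in history
        if req.kind == "file.read":
            return "net.connect" not in history
        return True


class NoWriteAfterNet(OneOutOfTwo):
    """Stricter assumed policy, meant to be installed at run time: in
    addition, no local file writes once a program has used the network."""
    watched = {"file.read", "file.write", "net.connect"}

    def allow(self, history: Set[str], req: Request) -> bool:
        if req.kind == "file.write":
            return "net.connect" not in history
        return super().allow(history, req)


class Monitor:
    """Mediates every access request and records only the selective
    history the current policy cares about, keyed by program identity."""
    def __init__(self, policy: OneOutOfTwo):
        self.policy = policy
        self.history: Dict[str, Set[str]] = {}

    def update_policy(self, policy: OneOutOfTwo) -> None:
        # Takes effect immediately for programs already running; their
        # recorded history is kept and re-judged under the new rules.
        self.policy = policy

    def request(self, req: Request) -> bool:
        hist = self.history.setdefault(req.program, set())
        ok = self.policy.allow(hist, req)
        if ok and self.policy.relevant(req):
            hist.add(req.kind)  # remember granted, policy-relevant accesses only
        return ok


def demo():
    """Constructed trace: two programs with different identities."""
    m = Monitor(OneOutOfTwo())
    trace = [
        Request("applet-A", "file.read", "/home/u/notes.txt"),
        Request("applet-A", "net.connect", "ads.example:80"),    # denied: read, then net
        Request("applet-B", "net.connect", "cdn.example:443"),
        Request("applet-B", "file.read", "/home/u/notes.txt"),   # denied: net, then read
    ]
    results = [m.request(r) for r in trace]
    m.update_policy(NoWriteAfterNet())  # policy change while both keep running
    results.append(m.request(Request("applet-B", "file.write", "/tmp/cache")))  # denied
    results.append(m.request(Request("applet-A", "file.write", "/tmp/cache")))  # allowed
    return results
```

`demo()` returns `[True, False, True, False, False, True]`: the same request kind is granted to one program and refused to another purely on the strength of each program's own recorded history.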
