Secure execution environment for Java electronic services

Private homes are becoming connected to the Internet in increasingly fast and reliable ways. These connections pave the way for networked services, i.e. services that gain their value through their connectivity. Examples of such electronic services (e-services) are remote control of household appliances, home health care and infotainment.

Residential gateways connect the private home with the Internet; they are the home's access point and one execution platform for e-services. A residential gateway may run e-services from several providers. The software environment of such a gateway is a Java execution environment in which e-services execute as Java threads within one Java virtual machine. The isolation of these Java e-services from each other and from their execution environment is the topic of this thesis.

Although the results of this thesis can be applied to most Java servers (e.g. Java-enabled web browsers, web servers, JXTA, JINI), this work focuses on e-services for the private home and their execution platform. Security for the private home, as a prerequisite for end-user acceptance, is the motivation for this approach.

This thesis establishes requirements that prevent e-services on the Java execution platform from harming other e-services on the same or on other network nodes, and that prevent e-services from harming their underlying execution environment. Some of the requirements can be fulfilled by using the existing Java sandbox for access control. Other requirements, concerned with the availability of e-services and network nodes, need a modified Java environment that supports resource control and e-service-specific access control. While some of the requirements result in implementation guidelines for Java servers, and in particular for the e-service environment, others have been implemented as a proof of concept.
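The distinction the abstract draws, between what the Java sandbox can enforce (access control) and what it cannot (availability, i.e. resource control), is easiest to see in code. The following is an added example, not code from the thesis or its proof-of-concept implementation. It groups each e-service's threads in a ThreadGroup, accounts their CPU time from outside through the standard ThreadMXBean, and interrupts the service once it exceeds a budget. The class and method names (EServiceCpuBudget, EService, enforce) and the 200 ms budgets are invented for the illustration. One caveat for readers today: the sandbox the abstract relies on, java.lang.SecurityManager, was deprecated for removal in Java 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so the access-control half would now have to be rebuilt on process or container isolation; the resource-control gap shown here is unchanged.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import java.util.concurrent.TimeUnit;

/*
 * Added example (not the thesis's code): per-e-service CPU budgets enforced
 * from outside the service threads. Permissions describe what a service may
 * access, not how much CPU it may consume; and once a service is over budget
 * the only portable remedy in standard Java is a cooperative interrupt.
 */
public class EServiceCpuBudget {

    /** One e-service: its threads live in a dedicated ThreadGroup so they can be accounted and signalled as a unit. */
    static final class EService {
        final String name;
        final ThreadGroup group;
        final long cpuBudgetNanos;   // assumed per-service budget; the thesis does not fix a value

        EService(String name, long cpuBudgetMillis) {
            this.name = name;
            this.group = new ThreadGroup("eservice-" + name);
            this.cpuBudgetNanos = TimeUnit.MILLISECONDS.toNanos(cpuBudgetMillis);
        }

        void start(Runnable body) {
            Thread t = new Thread(group, body, name + "-worker");
            t.setDaemon(true);           // lets the demo JVM exit even if the service ignores interrupts
            t.start();
        }
    }

    /** Sums the CPU time (ns) of the live threads in a group, or returns -1 if the JVM cannot measure it. */
    static long cpuTimeNanos(ThreadMXBean mx, ThreadGroup group) {
        if (!mx.isThreadCpuTimeSupported()) {
            return -1;
        }
        Thread[] threads = new Thread[group.activeCount() * 2 + 8]; // slack: activeCount() is only an estimate
        int n = group.enumerate(threads);
        long total = 0;
        for (int i = 0; i < n; i++) {
            long t = mx.getThreadCpuTime(threads[i].getId());     // -1 if the thread has already died
            if (t > 0) {
                total += t;
            }
        }
        return total;
    }

    /** Returns true if the service is over budget; in that case every thread of the service is interrupted. */
    static boolean enforce(ThreadMXBean mx, EService svc) {
        long used = cpuTimeNanos(mx, svc.group);
        if (used > svc.cpuBudgetNanos) {
            svc.group.interrupt();   // cooperative: only effective if the service checks its interrupt status
            return true;
        }
        return false;
    }

    public static void main(String[] args) throws InterruptedException {
        ThreadMXBean mx = ManagementFactory.getThreadMXBean();
        if (mx.isThreadCpuTimeSupported() && !mx.isThreadCpuTimeEnabled()) {
            mx.setThreadCpuTimeEnabled(true);
        }

        // Constructed workloads: both spin on the CPU, only the first one honours interruption.
        EService polite = new EService("thermostat", 200);
        EService hostile = new EService("spinner", 200);
        polite.start(() -> {
            double acc = 0;
            while (!Thread.currentThread().isInterrupted()) {
                acc += Math.sqrt(acc + 1);
            }
        });
        hostile.start(() -> {
            long x = 1;
            while (true) {           // never consults Thread.interrupted(): interrupt() cannot stop it
                x = x * 31 + 7;
            }
        });

        boolean politeFlagged = false;
        boolean hostileFlagged = false;
        for (int i = 0; i < 20; i++) {
            Thread.sleep(100);
            if (!politeFlagged && enforce(mx, polite)) {
                politeFlagged = true;
                System.out.println(polite.name + ": over CPU budget, interrupted");
            }
            if (!hostileFlagged && enforce(mx, hostile)) {
                hostileFlagged = true;
                System.out.println(hostile.name + ": over CPU budget, interrupted");
            }
        }
        System.out.println("thermostat live threads: " + polite.group.activeCount());
        System.out.println("spinner live threads:    " + hostile.group.activeCount());
    }
}
```

Run it with `java EServiceCpuBudget.java` on JDK 11 or later. On an otherwise idle machine the thermostat group is empty after the two-second loop, while the spinner group still holds its thread: the monitor detected the overrun and delivered the interrupt, but nothing in the standard platform can force the thread to stop or reclaim what it holds. That is the availability requirement the abstract says the unmodified Java environment cannot meet, and why the thesis turns to a modified JVM for resource control rather than to the sandbox.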
