The Java Security Model has undergone considerable evolution since its initial implementation. However, due to its historical focus on securing machines against attack from hostile Java applications, it has neglected support for securing "Real World" applications. We suggest that supporting "Real World" security requires two things: the ability to insert checks into compiled code in a principled way, and high-level abstract security models. We briefly review the evolution of the Java Security Model, outline the requirements for supporting "Real World" security for applications, discuss whether Enterprise Java Beans satisfy these requirements, introduce our approach to meeting these requirements, and discuss our current work.