Empowering mobile code using expressive security policies

Existing approaches for mobile code security tend to take a conservative view that mobile code is inherently risky, and hence focus on confining it. Such confinement is usually achieved using access control policies that restrict mobile code from taking any action that can potentially be used to harm the host system. While such policies can be helpful in keeping "bad applets" in check, they preclude a large number of useful applets. We therefore take an alternative view of mobile code security, one that is focused on empowering mobile code rather than disabling it. We propose an approach wherein highly expressive security policies provide the basis for such empowerment, while greatly mitigating the risks posed to the host system by such code. Our policies are represented as extended finite state automata, (a generalization of the finite-state automata to permit the use of variables) that can enforce these policies efficiently. We have built a prototype implementation of our approach for Java. Our implementation is based on rewriting Java byte code so that security-relevant events are intercepted and forwarded to the policy enforcement automata before they are executed. Early experimental results indicate that such expressive, enabling policies can be supported with low overheads.

[1]  Fred B. Schneider,et al.  Enforceable security policies , 2000, TSEC.

[2]  Dan S. Wallach,et al.  Understanding Java stack inspection , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[3]  R. Sekar,et al.  Synthesizing Fast Intrusion Prevention/Detection Systems from High-Level Specifications , 1999, USENIX Security Symposium.

[4]  David E. Evans,et al.  Flexible policy-directed code safety , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[5]  Li Gong,et al.  Inside Java 2 Platform Security: Architecture, API Design, and Implementation , 1999 .

[6]  Markus Dahm,et al.  Byte Code Engineering , 1999, Java-Informations-Tage.

[7]  Úlfar Erlingsson,et al.  IRM enforcement of Java stack inspection , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[8]  C. R. Ramakrishnan,et al.  Model-Carrying Code (MCC): a new paradigm for mobile-code security , 2001, NSPW '01.

[9]  Manfred Hauswirth,et al.  A secure execution framework for Java , 2000, CCS.

[10]  Andrew C. Myers,et al.  Protecting privacy using the decentralized label model , 2000, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[11]  Hemma Prafullchandra,et al.  Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2 , 1997, USENIX Symposium on Internet Technologies and Systems.

[12]  Vipin Chaudhary,et al.  History-based access control for mobile code , 1998, CCS '98.

[13]  Úlfar Erlingsson,et al.  SASI enforcement of security policies: a retrospective , 1999, NSPW '99.

[14]  V.V.S. Raveendra Inside java 2 platform security: architecture, API design and implementation [Book Review] , 2002, IEEE Software.