Using Reflection as a Mechanism for Enforcing Security Policies in Mobile Code

Several authors have proposed using code modification as a technique for enforcing security policies such as resource limits, access controls, and network information flows. However, these approaches are typically ad hoc and are implemented without a high-level abstract framework for code modification. We propose using reflection as a mechanism for implementing code modifications within an abstract framework based on the semantics of the underlying programming language. We have developed a reflective version of Java called Kava that uses byte-code rewriting techniques to insert pre-defined hooks into Java class files at load time. This makes it possible to specify and implement security policies for mobile code in a more abstract and flexible way. Our mechanism could be used as a more principled way of enforcing some of the existing security policies described in the literature. The advantages of our approach over related work (SASI, JRes, etc.) are that we can guarantee that our security mechanisms cannot be bypassed, a property we call strong non-bypassability, and that our approach provides the high-level abstractions needed to build useful security policies.
