Expanding and Extending the Security Features of Java

The popularity of the web has had several significant impacts, two of note here: (1) increasing sophistication of web pages, including more regular use of Java and other mobile code, and (2) decreasing average level of sophistication as the user population becomes more broad-based. Coupling these with the increased security threats posed by importing more and more mobile code has caused an emphasis on the security of executing Java applets. This paper considers two significant enhancements that will provide users with both a richer and more effective security model. The two enhancements are the provision of flexible and configurable security constraints and the ability to confine use of certain storage channels, as defined by Lampson[11], to within those constraints. We are particularly concerned with applets using files as communications channels contrary to desired security constraints. We present the mechanisms, a discussion of the implementation, and a summary of some performance comparisons. It is important to note that the ideas presented here are more generally applicable than only to the particular storage channels discussed or even only to Java.

[1]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[2]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[3]  Ravi Sandhu,et al.  Transaction control expressions for separation of duties , 1988, [Proceedings 1988] Fourth Aerospace Computer Security Applications.

[4]  I. S. Moskowitz,et al.  Covert channels-here to stay? , 1994, Proceedings of COMPASS'94 - 1994 IEEE 9th Annual Conference on Computer Assurance.

[5]  Karl N. Levitt,et al.  MCF: a malicious code filter , 1995, Comput. Secur..

[6]  David A. Wagner,et al.  A Secure Environment for Untrusted Helper Applications , 1996, USENIX Security Symposium.

[7]  Ian Goldberg,et al.  A Secure Environment for Untrusted Helper Applications ( Confining the Wily Hacker ) , 1996 .

[8]  Martín Abadi,et al.  Secure network objects , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[9]  Dan S. Wallach,et al.  Java security: from HotJava to Netscape and beyond , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[10]  N. V. Mehta Fine-Grained Control of Java Applets Using a Simple Constraint Language , 1997 .

[11]  Li Gong,et al.  Java security: present and near future , 1997, IEEE Micro.

[12]  Sushil Jajodia,et al.  A logical language for expressing authorizations , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[13]  Daniel Hagimont,et al.  A protection scheme for mobile agents on Java , 1997, MobiCom '97.

[14]  Dan S. Wallach,et al.  Extensible security architectures for Java , 1997, SOSP.

[15]  Mary Ellen Zurko,et al.  Separation of duty in role-based environments , 1997, Proceedings 10th Computer Security Foundations Workshop.

[16]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[17]  Danny B. Lange,et al.  A Security Model for Aglets , 1997, IEEE Internet Comput..