The Security Architecture of the Java Operating System JX - A Security Architecture for Distributed Parallel Computing

Using the idle computing power available on the Internet for distributed computing is becoming more and more attractive. To increase the willingness to provide idle computing power, a secure platform is needed for the execution of untrusted code. We present the architecture of the JX operating system, which can be used to safely execute untrusted code. The problem of erroneous agents crashing the system is solved by using Java, a type-safe language, as the implementation language. The resource consumption of the agents is controlled by a security manager that inspects every interaction between an agent and a system service. If the security policy does not approve the use of a system service, the access can be denied. An agent execution system built upon JX is presented to illustrate the security problems that occur and the solutions provided by the operating system JX.
