Building systems that flexibly control downloaded executable content

Downloading executable content, which enables principals to run programs obtained from remote sites, is a key technology in a number of emerging applications, including collaborative systems, electronic commerce, and web information services. However, the use of downloaded executable content also presents serious security problems, because it allows remote principals to execute programs on behalf of the downloading principal. Unless downloaded executable content is properly controlled, a malicious remote principal may obtain unauthorized access to the downloading principal's resources. Current solutions either strictly limit the capabilities of downloaded content or require complete trust in the remote principal, so applications that require intermediate amounts of sharing, such as collaborative applications, cannot be constructed over insecure networks. In this paper, we describe an architecture that flexibly controls the access rights of downloaded content by: (1) authenticating content sources; (2) determining content access rights based on its source and the application that it is implementing; and (3) enforcing these access rights over a wide variety of objects and for the entire computation, even if external software is used. We describe the architecture in the context of an infrastructure for supporting collaborative applications.
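The following is an added toy model of the three steps the abstract names; it is not code from the paper or its authors. It assumes a keyed-MAC check as a stand-in for whatever source authentication the paper actually uses, a constructed policy table keyed by (source, application), and a reference monitor object that every access in the computation, including calls into "external software", must go through. The sources, keys, object names and rights are all constructed for the example.

```python
"""Added example: source authentication, (source, application) -> rights,
and enforcement for the whole computation via a reference monitor."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed: keys the downloading principal shares with each known content source.
# (A stand-in for the paper's authentication mechanism, which is not detailed here.)
SOURCE_KEYS: Dict[str, bytes] = {
    "alice.example": b"constructed-key-alice",
    "vendor.example": b"constructed-key-vendor",
}

# Constructed policy: rights depend on BOTH the authenticated source and the
# application the content claims to implement, giving intermediate sharing.
POLICY: Dict[Tuple[str, str], Dict[str, Set[str]]] = {
    ("alice.example", "shared-editor"): {"doc:shared": {"read", "write"}, "doc:private": {"read"}},
    ("vendor.example", "shared-editor"): {"doc:shared": {"read"}},
    ("alice.example", "mail-viewer"): {"doc:shared": {"read"}},
}


class AccessDenied(Exception):
    pass


def authenticate_source(content: bytes, claimed_source: str, tag: bytes) -> Optional[str]:
    """Step 1: return the source name only if the content's MAC verifies under its key."""
    key = SOURCE_KEYS.get(claimed_source)
    if key is None:
        return None
    expected = hmac.new(key, content, hashlib.sha256).digest()
    return claimed_source if hmac.compare_digest(expected, tag) else None


def rights_for(source: str, application: str) -> Dict[str, Set[str]]:
    """Step 2: look up rights by (source, application); unknown pairs get nothing."""
    return POLICY.get((source, application), {})


@dataclass
class Monitor:
    """Step 3: the single path to objects; records and enforces every access."""
    rights: Dict[str, Set[str]]
    log: List[Tuple[str, str, bool]] = field(default_factory=list)

    def check(self, obj: str, op: str) -> None:
        allowed = op in self.rights.get(obj, set())
        self.log.append((obj, op, allowed))
        if not allowed:
            raise AccessDenied(f"{op} on {obj}")

    def read(self, objects: Dict[str, str], obj: str) -> str:
        self.check(obj, "read")
        return objects[obj]

    def write(self, objects: Dict[str, str], obj: str, value: str) -> None:
        self.check(obj, "write")
        objects[obj] = value


def external_spellcheck(mon: Monitor, objects: Dict[str, str]) -> None:
    """'External software' the content calls; it inherits the content's monitor,
    so the rights follow the entire computation rather than just the entry point."""
    text = mon.read(objects, "doc:shared")
    mon.write(objects, "doc:shared", text.replace("teh", "the"))


def collaborative_edit(mon: Monitor, objects: Dict[str, str]) -> None:
    """Constructed downloaded program: fixes the shared draft, then peeks at private notes."""
    external_spellcheck(mon, objects)
    mon.read(objects, "doc:private")


def run_content(content: bytes, claimed_source: str, tag: bytes, application: str,
                objects: Dict[str, str], program: Callable[[Monitor, Dict[str, str]], None]) -> Monitor:
    source = authenticate_source(content, claimed_source, tag)
    if source is None:
        raise AccessDenied("unauthenticated source")
    mon = Monitor(rights_for(source, application))
    program(mon, objects)
    return mon


def trial(claimed_source: str, application: str, tamper: bool = False) -> str:
    """Run the constructed program under one (source, application) pair and summarise."""
    content = b"edit-script-v1"  # constructed stand-in for the downloaded program bytes
    tag = hmac.new(SOURCE_KEYS.get(claimed_source, b""), content, hashlib.sha256).digest()
    if tamper:  # simulate content altered in transit: the tag no longer matches
        tag = bytes(b ^ 0xFF for b in tag)
    objects = {"doc:shared": "teh draft", "doc:private": "notes"}
    try:
        run_content(content, claimed_source, tag, application, objects, collaborative_edit)
    except AccessDenied as exc:
        return f"denied: {exc}"
    return f"ok: {objects['doc:shared']}"


if __name__ == "__main__":
    for src, app, tamper in [("alice.example", "shared-editor", False),
                             ("vendor.example", "shared-editor", False),
                             ("alice.example", "mail-viewer", False),
                             ("alice.example", "shared-editor", True),
                             ("mallory.example", "shared-editor", False)]:
        print(src, app, "tampered" if tamper else "", "->", trial(src, app, tamper))
```

The point the runs make: the same downloaded program succeeds for the trusted collaborator in the editor application, is stopped at the first write when it arrives from the vendor or claims a different application (even though the write is attempted from inside the external spellchecker, not the downloaded code itself), and never runs at all when its source cannot be authenticated.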
