A Module System for Isolating Untrusted Software Extensions

Authors: Philip Fong, Simon Orr

DOI: 10.1109/ACSAC.2006.7

Keywords: Application software, Computer science, Java, Isolation (database systems), Software, Visibility (geometry), Component-based software engineering, Address space, Operating system, Software system

Abstract: With the recent advent of dynamically extensible software systems, in which extensions may be loaded into the address space of a core application to augment its capabilities, there is growing interest in protection mechanisms that can isolate untrusted components from the host application. Existing language-based environments such as the JVM and the CLI achieve isolation by an interposition mechanism known as stack inspection. Expressive as it is, stack inspection lacks a declarative characterization and is brittle in the face of evolving configurations. A run-time module system, ISOMOD, is proposed for the Java platform to facilitate isolation. A core application may create namespaces and impose arbitrary name visibility policies that control whether a name is visible, to whom it is visible, and in what way it may be accessed. Because ISOMOD exercises access control at load time, code runs at full speed. Furthermore, because access control policies are maintained separately from code, they can evolve independently of it. In addition, the policy language provides a means of expressing a very general form of visibility constraints. Not only can ISOMOD simulate a sizable subset of the permissions of the Java 2 security architecture, it does so in a way that is robust against configuration changes. The policy language is also expressive enough to completely encode the capability type system of Discretionary Capability Confinement. In spite of this expressiveness, ISOMOD admits an efficient implementation strategy. In short, ISOMOD avoids the technical difficulties of interposition while trading off an acceptable level of expressiveness. Name-visibility-based access control is therefore a lightweight alternative to interposition.

References (31)
Yu David Liu, Scott F. Smith. Modules with interfaces for dynamic linking and communication. European Conference on Object-Oriented Programming, pp. 415-439 (2004). DOI: 10.1007/978-3-540-24851-4_19
Fred B. Schneider, Greg Morrisett, Robert Harper. A Language-Based Approach to Security. Lecture Notes in Computer Science, pp. 86-101 (2001). DOI: 10.1007/3-540-44577-3_6
Nathanael Schärli, Stéphane Ducasse, Oscar Nierstrasz, Roel Wuyts. Composable Encapsulation Policies. European Conference on Object-Oriented Programming, pp. 26-50 (2004). DOI: 10.1007/978-3-540-24851-4_2
Frank Yellin, Tim Lindholm. The Java Virtual Machine Specification (1996).
M. D. Schroeder. Cooperation of Mutually Suspicious Subsystems in a Computer Utility. Massachusetts Institute of Technology (1972).
Philip W. L. Fong. Discretionary Capability Confinement. Computer Security - ESORICS 2006, pp. 127-144 (2006). DOI: 10.1007/11863908_9
Jonathan Allen Rees. A security kernel based on the lambda-calculus. Massachusetts Institute of Technology (1995).
Ian Welch, Robert J. Stroud. Using reflection as a mechanism for enforcing security policies on compiled code. Journal of Computer Security, vol. 10, pp. 399-432 (2002). DOI: 10.3233/JCS-2002-10405
Cédric Fournet, Martín Abadi. Access Control Based on Execution History. Network and Distributed System Security Symposium (2003).
Dan S. Wallach, Andrew W. Appel, Edward W. Felten. SAFKASI: a security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology, vol. 9, pp. 341-378 (2000). DOI: 10.1145/363516.363520