Using reflection as a mechanism for enforcing security policies on compiled code

Authors: Ian Welch, Robert J. Stroud

DOI: 10.3233/JCS-2002-10405

Abstract: Securing application resources or defining finer-grained access control for system using the Java security architecture requires manual changes to source code. This is error-prone and cannot be done if only compiled code present. We show how behavioural reflection can used enforce policies on Other authors have implemented rewriting toolkits that achieve same effect but they either require expressed in terms of low level abstractions use new high policy languages. Our approach allows reusable as metaobjects a object oriented language (Java), then bound objects at loadtime. The binding between through bytecode under declarative specification. this Kava which portable reflective implementation. customisation rich range runtime behaviour. provides non-bypassable meta suitable implementing enforcement. discuss we secure third-party application, prevent being bypassed, compare its performance with non-reflective
