|
7th USENIX Security Symposium, San Antonio, Texas
Expanding and Extending the Security Features of Java
Nimisha V. Mehta
The Open Group;
Karen R. Sollins
MIT Laboratory for Computer Science
Abstract
The popularity of the web has had several significant
impacts, two of note here: (1) increasing sophistication of
web pages, including more regular use of Java and other
mobile code, and (2) decreasing average level of
sophistication as the user population becomes more
broad-based. Coupling these with the increased security
threats posed by importing more and more mobile code has
caused an emphasis on the security of executing Java
applets. This paper considers two significant enhancements
that will provide users with both a richer and more
effective security model. The two enhancements are the
provision of flexible and configurable security constraints
and the ability to confine use of certain storage channels,
as defined by Lampson [lampson73],
to within those constraints. We are particularly concerned
with applets using files as communications channels contrary
to desired security constraints. We present the mechanisms,
a discussion of the implementation, and a summary of some
performance comparisons. It is important to note that the
ideas presented here are more generally applicable than only
to the particular storage channels discussed or even only to
Java.
- View the full text of this paper in
HTML form and
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
Technical Program