Result: Towards formalizing the Java security architecture of JDK 1.2

Title:
Towards formalizing the Java security architecture of JDK 1.2
Source:
Computer security (Louvain la Neuve, 16-18 September 1998). Lecture notes in computer science: 191-207
Publisher Information:
Berlin: Springer, 1998.
Publication Year:
1998
Physical Description:
print, 20 ref
Original Material:
INIST-CNRS
Document Type:
Conference Paper
File Description:
text
Language:
English
Author Affiliations:
Naval Research Laboratory, Center for High Assurance Computer Systems, Washington, D.C. 20375, United States
Independent Consultant, 2521 NE 135th Street, North Miami, Florida 33181, United States
ISSN:
0302-9743
Rights:
Copyright 1999 INIST-CNRS
CC BY 4.0
Unless otherwise stated above, the content of this bibliographic record may be used under a CC BY 4.0 licence by Inist-CNRS
Notes:
Computer science; theoretical automation; systems
Accession Number:
edscal.1570944
Database:
PASCAL Archive

Further Information

The Java security architecture in the Java Development Kit 1.2 expands the current Java sandbox model, allowing finer-grained, configurable access control for Java code. This new security architecture permits more precise, yet flexible, protection for both remote code (loaded across a network connection) and local code (residing on the same machine running the Java Virtual Machine) developed using the Java programming language. Our formal model and analysis is intended to: (1) allow designers and implementors to understand and correctly use the protection provided by these security controls, and (2) provide guidance to a JVM implementor wishing to support these security controls. Access control decisions in Java are made based on the current execution context using stack introspection. To model this, we employ a state-based model that uses multiple access control matrices to model the security controls in JDK 1.2. We also present a safety analysis and discuss the effects of static and dynamic security policies for a given Java Virtual Machine.