Results 1 - 10 of 221
StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks
In Proceedings of the 7th USENIX Security Symposium, 1998
A Secure Environment for Untrusted Helper Applications -- Confining the Wily Hacker
Cited by 462 (7 self)
Many popular programs, such as Netscape, use untrusted helper applications to process data from the network. Unfortunately, the unauthenticated network data they interpret could well have been created by an adversary, and the helper applications are usually too complex to be bug-free. This raises significant security concerns. Therefore, it is desirable to create a secure environment to contain untrusted helper applications. We propose to reduce the risk of a security breach by restricting the program's access to the operating system. In particular, we intercept and filter dangerous system calls via the Solaris process tracing facility. This enabled us to build a simple, clean, user-mode implementation of a secure environment for untrusted helper applications. Our implementation has negligible performance impact, and can protect pre-existing applications.
Extensible security architecture for Java
In Proceedings of the 16th ACM Symposium on Operating Systems Principles, 1997
Cited by 199 (8 self)
As the World Wide Web has been used to build increasingly complex applications, developers have been constrained by the Web’s static document model. “Active” content can add simple animations to a page, but it can also transform the Web into a “platform” for writing and distributing programs. A variety of mobile code systems such as Java [Gosling et al.
Going beyond the sandbox: An overview of the new security architecture in the Java development kit 1.2
In Proceedings of the USENIX Symposium on Internet Technologies and Systems, 1997
Cited by 183 (5 self)
This paper describes the new security architecture that has been implemented as part of JDK1.2, the forthcoming Java™ Development Kit. In going beyond the sandbox security model in the original release of Java, JDK1.2 provides fine-grained access control via an easily configurable security policy. Moreover, JDK1.2 introduces the concept of protection domain and a few related security primitives that help to make the underlying protection mechanism more robust.
Javelin: Internet-Based Parallel Computing Using Java
1997
Cited by 148 (6 self)
Java offers the basic infrastructure needed to integrate computers connected to the Internet into a seamless parallel computational resource: a flexible, easily-installed infrastructure for running coarse-grained parallel applications on numerous, anonymous machines. Ease of participation is seen as a key property for such a resource to realize the vision of a multiprocessing environment comprising thousands of computers. We present Javelin, a Java-based infrastructure for global computing. The system is based on Internet software technology that is essentially ubiquitous: Web technology. Its architecture and implementation require participants to have access only to a Java-enabled Web browser. The security constraints implied by this, the resulting architecture, and current implementation are presented. The Javelin architecture is intended to be a substrate on which various programming models may be implemented. Several such models are presented: A Linda Tuple Space, an SPMD programmin...
UIML: an appliance-independent xml user interface language
In Computer Networks 31, Elsevier Science, 1999
Cited by 143 (5 self)
Today's Internet appliances feature user interface technologies almost unknown a few years ago: touch screens, styli, handwriting and voice recognition, speech synthesis, tiny screens, and more. This richness creates problems. First, different appliances use different languages: WML for cell phones; SpeechML, JSML, and VoxML for voice enabled devices such as phones; HTML and XUL for desktop computers, and so on. Thus, developers must maintain multiple source code families to deploy interfaces to one information system on multiple appliances. Second, user interfaces differ dramatically in complexity (e.g., PC versus cell phone interfaces). Thus, developers must also manage interface content. Third, developers risk writing appliance-specific interfaces for an appliance that might not be on the market tomorrow. A solution is to build interfaces with a single, universal language free of assumptions about appliances and interface technology. This paper introduces such a language, the User Interface Markup Language (UIML), an XML-compliant language. UIML insulates the interface designer from the peculiarities of different appliances through style sheets. A measure of the power of UIML is that it can replace hand-coding of Java AWT or Swing user interfaces.
A Type System for Object Initialization In the Java Bytecode Language
In Proceedings of ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages & Application, 1998
Cited by 114 (3 self)
In the standard Java implementation, a Java language program is compiled to Java bytecode. This bytecode may be sent across the network to another site, where it is then interpreted by the Java Virtual Machine. Since bytecode may be written by hand, or corrupted during network transmission, the Java Virtual Machine contains a bytecode verifier that performs a number of consistency checks before code is interpreted. As illustrated by previous attacks on the Java Virtual Machine, these tests, which include type correctness, are critical for system security. In order to analyze existing bytecode verifiers and to understand the properties that should be verified, we develop a precise specification of statically-correct Java bytecode, in the form of a type system. Our focus in this paper is a subset of the bytecode language dealing with object creation and initialization. For this subset, we prove that for every Java bytecode program that satisfies our typing constraints, every object is in...
THE INLINED REFERENCE MONITOR APPROACH TO SECURITY POLICY ENFORCEMENT
2004
Cited by 99 (1 self)
Embedding security enforcement code into applications is an alternative to traditional security mechanisms. This dissertation supports the thesis that such Inlined Reference Monitors, or IRMs, offer many advantages and are a practical option in modern systems. IRMs enable flexible general-purpose enforcement of security policies, and they are especially well suited for extensible systems and other non-traditional platforms. IRMs can exhibit similar, or even better, performance than previous approaches and can help increase assurance by contributing little to the size of a trusted computing base. Moreover, IRMs' agility in distributed settings allows for their cost-effective and trustworthy deployment in many scenarios. In this dissertation, IRM implementations are derived from formal automata-based specifications of security policies. Then, an IRM toolkit for Java is described in detail. This Java IRM toolkit uses an imperative policy language that allows a security policy, in combination with the details of its enforcement, to be given in a single complete specification. Various example policies, including the stack-inspection policy of Java, illustrate the approach. These examples shed light on