Securing Java with Local Policies

By: Massimo Bartoletti, Gabriele Costa, Pierpaolo Degano, Fabio Martinelli, Roberto Zunino

Abstract

We propose an extension to the security model of Java, that allows for specifying, analysing and enforcing history-based usage policies. Policies are defined by usage automata, that recognize the forbidden execution histories. Programmers can sandbox an untrusted piece of code with a policy, which is enforced at run-time through its local scope. A static analysis allows for optimizing the execution monitor: only the policies not guaranteed to be always obeyed will be enforced at run-time.

Cite as:

Massimo Bartoletti, Gabriele Costa, Pierpaolo Degano, Fabio Martinelli, Roberto Zunino, “Securing Java with Local Policies”, Journal of Object Technology, Volume 8, no. 4 (June 2009), pp. 5-32, doi:10.5381/jot.2009.8.4.a1.

PDF | HTML | DOI | BiBTeX | Tweet this | Post to CiteULike | Share on LinkedIn

The JOT Journal   |   ISSN 1660-1769   |   DOI 10.5381/jot   |   AITO   |   Open Access   |    Contact