Mobile code presents a number of threats to machines that execute it. We introduce an approach for protecting machines and the resources they hold from mobile code, and describe a system based on our approach for protecting host machines from Java 1.1 applets. In our approach, each Java applet downloaded to the protected domain is rerouted to a dedicated machine (or set of machines), the playground, at which it is executed. Prior to execution the applet is transformed to use the downloading user's web browser as a graphics terminal for its input and output, and so the user has the illusion that the applet is running on her own machine. In reality, however, mobile code runs only in the sanitized environment of the playground, where user files cannot be mounted and from which only limited network connections are accepted by machines in the protected domain. Our playground thus provides a second level of defense against mobile code that circumvents language-based defenses. The paper presents the design and implementation of a playground for Java 1.1 applets, and discusses extensions of it for other forms of mobile code including Java 1.2.
|
890
|
The Java virtual machine specification
– Lindholm, Yellin
- 1999
|
|
811
|
Proof-Carrying Code
– Necula
- 1997
|
|
703
|
Scale and performance in a distributed file system
– Howard, Kazar, et al.
- 1988
|
|
361
|
Safe kernel extensions without run-time checking
– Necula, Lee
- 1996
|
|
206
|
Making paths explicit in the scout operating system
– Mosberger, Peterson
- 1996
|
|
178
|
Java Security: From HotJava to Netscape and Beyond
– Dean, Felten, et al.
- 1996
|
|
176
|
Extensible security architectures for java
– Wallach, Balfanz, et al.
- 1997
|
|
162
|
Bellovin: Firewalls and Internet Security: Repelling the Wily Hacker
– Cheswick, M
- 1994
|
|
121
|
Going Beyond the Sandbox: An Overview of the New Security Architecture
– Gong, Mueller, et al.
- 1997
|
|
95
|
Java Security: Hostile Applets, Holes, and Antidotes
– MCGRAW, FELTEN
- 1997
|
|
94
|
Java Remote Method Invocation Specification
– MICROSYSTEMS
- 1997
|
|
84
|
Implementing multiple protection domains in Java
– Hawblitzel, Chang, et al.
- 1998
|
|
82
|
JRes: A resource accounting interface for Java
– Czajkowski, Eicken
- 1998
|
|
70
|
Xtv: A framework for sharing x window clients in remote synchronous collaboration
– Abdel-Wahab, Feit
- 1991
|
|
62
|
Java Security: Present and Near Future
– Gong
- 1997
|
|
60
|
Web Spoofing: An Internet Con Game
– Felten, Balfanz, et al.
- 1997
|
|
58
|
The Java Virtual Machine Speci cation
– Lindholm, Yellin
- 1997
|
|
55
|
The Java Virtual Machine Speci
– Lindholm, Yellin
- 1997
|
|
48
|
Java operating systems: Design and implementation
– Back, Tullmann, et al.
- 1998
|
|
35
|
Experience with secure multi-processing in java
– Balfanz, Gong
- 1998
|
|
29
|
Scale and performance in a distributed le system
– Howard, Kazar, et al.
- 1988
|
|
28
|
Scale and performance in a distributed system
– Howard, Kazar, et al.
- 1988
|
|
26
|
Building Internet Firewalls. O'Reilly & Associates
– Chapman, Zwicky
- 1995
|
|
25
|
Blocking Java Applets at the Firewall
– Martin, Rajagopalan, et al.
- 1997
|
|
20
|
Trestle reference manual
– Manasse, Nelson
- 1991
|
|
17
|
Global Teleporting with Java: Toward Ubiquitous Personalized Computing
– Wood, Richardson, et al.
- 1997
|
|
12
|
Security of web browser scripting languages: Vulnerabilities, attacks, and remedies
– Anupam, Mayer
- 1998
|
|
12
|
Building Internet Firewalls. O’Reilly and Associates
– Zwicky, Cooper, et al.
- 2000
|
|
10
|
Teleporting: Mobile X sessions
– Richardson
- 1995
|
|
8
|
A Java Filter
– Balfanz, Felten
- 1997
|
|
8
|
Joust: A platform for communications-oriented liquid software
– Hartman, Peterson, et al.
- 1999
|
|
6
|
Remote Method Invocation Speci cation
– Microsystems
- 1997
|
|
6
|
Java Remote Method Invocation Speci
– Microsystems
- 1997
|
|
5
|
Java in a Nutshell, Second edition, O'Reilly & Associates
– Flanagan
- 1997
|
|
3
|
Blocking Java applets at the rewall
– Martin, Rajagopalan, et al.
- 1997
|
|
2
|
Secure mobile code management: Enabling Java for the enterprise
– Herbert
- 1997
|
|
2
|
Pushing the limits of Java security
– Ladue
- 1996
|
|
2
|
Java Object Serialization Specification, Revision 1.2
– Microsystems, Inc
- 1996
|
|
2
|
Blocking Java applets at the
– Martin, Rajagopalan, et al.
- 1997
|
|
1
|
IBM explains how to use the Remote Abstract Windowing Toolkit (RAWT
– Rosberg, Berg, et al.
- 1999
|
|
1
|
A Java lter
– Balfanz, Felten
- 1997
|
|
1
|
Java Object Serialization Speci - cation, Revision 1.2
– Microsystems, Inc
- 1996
|
|
