D. Evans. Policy-Directed Code Safety. PhD thesis, MIT, 1999.
....is being used to enforce policies. The IRM approach is flexible because it allows security events and security updates to be associated with any application event. This degree of flexibility can be only approximated by wrapping security enforcement code around an interface, as done by Naccio [8] (for method calls) and Generic Software Wrappers [9] (for system calls). Software-based fault isolation (SFI) [17] enforces a memory protection policy by object code editing, and recent work on distributed virtual machines also is concerned with enforcing security policies by code rewriting [16] ....
Evans, D. and A. Twyman. Policy-directed code safety. Proceedings IEEE Symposium on Security and Privacy (Oakland, California, May 1999), IEEE Computer Society, California, 32--45.
.... are known to succeed (say, because a component is trusted or because of pre-existing access control rights), our JVML SASI prototype does not add any checking code (because the rewriter can simplify the security automaton as it is being inserted). Data for the Blast and the Tar benchmarks in [4] suggest that as much as a fourfold performance improvement can be expected when checking code is eliminated in what arguably are realistic applications. 5. Related Work SASI is not the first tool to use object code modification as a way of enforcing security policies, nor is it the first work ....
....various memory-safety properties that become important for maintaining integrity in extensible systems, where extensions and a base system share a single address space [14, 12]. There has also recently been work directed at enforcing richer classes of security policies for Java programs. Naccio [4] modifies method call instructions, redirecting them through a wrapper method; Ariel [10] and Grimm and Bershad [5] insert reference monitor code between target system instructions. With object code modification, the overhead for enforcement can be lowered if object code for the target system is ....
D. Evans and A. Twyman. Policy-directed code safety. In Proc. IEEE Symposium on Security and Privacy, May 1999.
....is being used to enforce policies. The IRM approach is flexible because it allows security events and security updates to be associated with any application event. This degree of flexibility can be only approximated by wrapping security enforcement code around an interface, as done by Naccio [9] (for method calls) and Generic Software Wrappers [10] (for system calls). Software-based fault isolation (SFI) [18] enforces a memory protection policy by object code editing, and recent work on distributed virtual machines also is concerned with enforcing security policies by code rewriting ....
Evans, D. and A. Twyman. Policy-directed code safety. Proceedings IEEE Symposium on Security and Privacy (Oakland, California, May 1999), IEEE Computer Society, California, 32--45.
....are used to enforce the policy. In principle, any security policy that is a safety property can be enforced, so the approach is quite powerful. For example, it can enforce any discretionary access control policy. The approach is also practical: Prototypes have been built at both Cornell and MIT [ES99,ET99,ES00]. One of the Cornell prototypes, PSLang PoET, works for the Java Virtual Machine language and gives competitive performance for the implementation of Java's stack inspection security policy. Type Safe Languages Type safe programming languages, such as Java, Scheme, or ML, ensure that operations ....
Evans D., and A. Twyman. Policy-directed code safety. In Proceedings of the
....system behavior, or . availability, and restrict principals from denying others the use of a resource. To date, general purpose security policies, like those above, have attracted the most attention. But application dependent and special purpose security policies are increasingly important [5, 8, 13, 15, 25, 27, 34]. A system to support mobile code, like Java [11] might prevent information leakage by enforcing a security policy that bars messages from being sent after files have been read. To support electronic commerce, a security policy might prohibit executions in which a customer pays for a service but ....
Evans, D. and A. Twyman. Policy-directed code safety. Proceedings 1999 IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, Calif., May 1999), IEEE Computer Society, Calif., 32--45.
....to develop tools and techniques for detecting likely problems in swarm programs and alerting programmers to things that might go wrong. 3.2 Policy Directed Code Safety I have developed Naccio, a general architecture for code safety that addresses two weaknesses in current code safety systems [Evans99a, Evans99b]. One weakness is that traditional code safety systems cannot enforce policies with sufficient precision. For example, suppose a user wished to enforce a constraint on the amount of bandwidth untrusted programs may consume. Existing code safety systems, such as the Java sandbox, cannot enforce ....
....supports tradeoffs between the time required to generate a safety policy, the time required to transform an application and the run time costs associated with enforcing a safety policy. We have built two implementations of Naccio: Naccio JavaVM that enforces policies on JavaVM programs [Evans99b]; and Naccio Win32 that enforces policies on Win32 executables [Twyman99]. Results from experiments with the prototypes indicate that it is possible to support a large class of policies without sacrificing performance for simple policies. Naccio is designed to make the run time overhead minimal ....
David Evans. Policy-Directed Code Safety. MIT PhD Thesis. February 2000.
....to develop tools and techniques for detecting likely problems in swarm programs and alerting programmers to things that might go wrong. 3.2 Policy Directed Code Safety I have developed Naccio, a general architecture for code safety that addresses two weaknesses in current code safety systems [Evans99a, Evans99b]. One weakness is that traditional code safety systems cannot enforce policies with sufficient precision. For example, suppose a user wished to enforce a constraint on the amount of bandwidth untrusted programs may consume. Existing code safety systems, such as the Java sandbox, cannot enforce ....
David Evans and Andrew Twyman. Policy-Directed Code Safety. Proceedings of the 1999 IEEE Symposium on Security and Privacy. Oakland, California. p. 32-39. May 1999.
No context found.
D. Evans. Policy-Directed Code Safety. PhD thesis, MIT, 1999.
No context found.
D. Evans and A. Twyman, "Policy-Directed Code Safety," Proc. IEEE Symp. Security and Privacy, IEEE Press, Piscataway, N.J., 1999; see also www.cs.virginia.edu/~evans.