G. Edjlali, A. Acharya, and V. Chaudhary. History-based Access Control for Mobile Code. In ACM Conference on Computer and Communication Security, 1998.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....unnecessary cost. The cost of editing can be eliminated by caching the edited classes. These edited classes are then subsequently loaded, eliminating the cost of additional binary editing. History based access control We provide a limited mechanism for doing history based access control [26]. Implementing such policies requires low level code manipulation by the policy writer. For example, in order to write a policy that states that a program can access either the file system or the network, the user must create a security state object which can then be used to create constraints for ....

Edjlali G, Acharya A, Chaudhary V. History-based access control for mobile code. Proceedings of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, November 1998; 38--48.

....programs that migrate to their host. There is no fixed set of resources that a host administers. Further, because the different components of resources and mobile programs may require different levels of protection [20] security models must support fine grained access control. Several techniques [3,11,13,15,17,19,20,29,35,36] 1389 1286 00 see front matter 2000 Published by Elsevier Science B.V. All rights reserved. PII: S1389 1286(00)00075 X have been proposed for defining and enforcing access control for mobile programs. The primary focus in most of these approaches has been on supporting flexibility, ....

....resources would require rewriting the resource class. Our approach can handle this by automatically modifying the resource. Furthermore, access control decisions are based on the protection domain of the code. It is not clear how to base decisions on environmental or historical conditions. Deeds [11] is a history based access control mechanism built on top of Java 1.1 s security mechanism. In this system, a security event is a call to the security manager. The security manager will, in turn, call the handlers for the particular event. Policies can be modified by changing these handlers. ....

G. Edjlali, A. Acharya and V. Chaudhary, History-based access control for mobile code, in: Proc. of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, November 1998, pp. 38--48.

....with dependencies on the past. Among them, the Chinese Wall policy [10] is one of the best known. But many other forms of separation of duty [34] and information flow policies [28] also require event recording. The importance of history based polices has been recognized by several authors [15, 32, 40], however to our knowledge none was able to simultaneous express concisely and implement efficiently history based policies. In SPL history based policies are expressed by simple quantification rules over the abstract set PastEvents. Each of these rules declares and quantifies one event variable, ....

G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In 5th ACM Conference on Computer and Communications Security, pages 38--48, San Francisco, California, Nov. 1998. ACM Press.

....(SHA) expressiveness of which is provably more restrictive than that of Buchi like security automata. Surprisingly, it is still possible to express a wide range of well known and realistic security policies with SHA: Chinese Wall policy [6] low water mark policy [4] one out of k authorization [7], assured pipelines [5, 14] etc. This demonstrates that it is indeed possible to define meaningful classes of security policies by constraining information accessible to execution monitors. Motivated by the above success, the state abstraction techniques applied to characterize shallow access ....

....all read(s, o # ) H, l[o] l[o # ] and exec(s, s # )## for all H s, s # S so that for all read(s, o) H, there is a read(s # , o # ) H, l[o # ] l[o] By construction, the SHA N l enforces the low water mark policy. 3. 3 One Out Of k Authorization One out of k authorization [7] classifies applications into equivalence classes based on the kind of access rights required to complete tasks. For example, applications can be classified into one of the following classes: A browser is a program that connects to remote sites, creates temporary local files in a ....

Guy Edjladi, Anurag Acharya, and Vipin Chaudhary. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, USA, 1998.

....could be enforced. In [5] they implement Java stack inspection based approach based on bytecode rewriting and show performance measurements. Although our work adopts a similar bytecode modification approach for implementation, our focus is mainly on specifying expressive policies. Edjlali et al. [3] describe a history based access control mechanism for Java and provide several motivating examples for the use of such policies. The main contribution of their work is in providing a framework for implementing such policies in Java. Their implementation is related to the set of events that are ....

G. Edjlali, A. Acharya, and V. Chaudhary. History based access control for mobile code. In Proceedings of ACM Computer and Comunications Security conference, 1998.

....so called active capabilities are used, which are actually executable Java byte codes. PLANet [8] is another active networking project. The project uses a type safe, resource limited, functional programming language with dynamic type verification. The key idea behind history based access control [1] is to maintain a selective history of the access requests made by individual programs and to use this history to improve the differentiation between safe and potentially dangerous requests. Handlers are integrated to maintain the history, but the bigger the numbers of services which execute on an ....

Guy Edjlali, Anurag Acharya, and Vipin Chaudhary. History-based access control for mobile code. In ACM Conference on Computer and Communications Security, pages 38--48, 1998.

....language with dynamic type verification. The Naccio project of MIT [2] uses also the mechanisms provided by Java. Joust [6] is a Java active OS implemented in Scout [13] and provides a Java virtual machine for the execution of active services. The key idea behind history based access control [1] is to maintain a selective history of the access requests made by individual programs and to use this history to improve the differentiation between safe and potentially dangerous requests. Handlers are integrated to maintain the history, but the bigger the numbers of services which execute on an ....

Guy Edjlali, Anurag Acharya, and Vipin Chaudhary. History-based access control for mobile code. In ACM Conference on Computer and Communications Security, pages 38--48, 1998.

....its type system. While numerous bugs have been uncovered [20, 38] significant strides have been made at understanding the type system [2, 43, 21, 22, 19, 16] and supporting expressive security policies, including restrictions that can allow trusted system code to run with reduced privileges [47, 27, 23, 24]. However, language run time systems do not have all the same protection semantics as operating system processes. Processes encapsulate all the memory being used by a given task, making it easy to measure the total memory in use and apply limits on how big a process can grow (see Figure 1) ....

G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS '98), pages 38--48, San Francisco, California, Nov. 1998. ACM Press.

.... promise of Java may be attractive, but a large number of security flaws have been discovered since its release [24, 57] Significant strides have been made at understanding the type system [3, 74, 31, 32, 23, 17] and protecting the Java system classes from being manipulated into violating security [80, 41, 33, 34], but efforts to control resource exhaustion have lagged behind. A simple infinite loop will still freeze the latest web browsers. The most successful systems to date either run the JVMs in separate processes or machines [55, 73] surrendering any performance benefits from running the JVM together ....

G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS '98), pages 38--48, San Francisco, California, Nov. 1998. ACM Press.

.... focused on control transfers (rather than more general flows of information) and targeted at a full fledged runtime system (quite different from the lambda calculus) Execution history also plays a role in Schneider s security automata [17] and in the Deeds system of Edjlali et al. [6]. However, those works focus on collecting a selective history of sensitive access requests and use this information to constrain further access requests: for instance, network access may be explicitly forbidden after reading certain files. In contrast, our approach considers the history of ....

G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In ACM Conference on Computer and Communications Security, pages 38--48, 1998.

....methods could provide a foundation for realizations of SASI for any suitably constructed high level language compiler and for a variety of platforms. For supporting user defined classes of security policies, expressiveness of the policy specification language is crucial. In Ariel [10] Deeds [3], Grimm and Bershad [5] and Naccio [4] security policies are formulated in a language that, at least in part, is processed by a Java compiler. This is no doubt attractive to Java programmers, since security policies can be specified without learning a new language. But by relying on a Java ....

....does, however, allow these systems to employ additional state for purposes of policy enforcement, considerably enlarging the set of security policies that can be specified. Finally, Ariel [10] Grimm and Bershad [5] and Naccio [4] insert checks only at JVML method and constructor calls; Deeds [3] inserts checks only at Java SecurityManager invocations. This restricts the set of enforceable security policies, as only some, not all, instructions in the target system can be halted. For instance, these tools cannot enforce policies that prohibit division by zero, restrict the value of a ....

G. Edjlali, A. Acharya, and V. Chaudhary. Historybased access control for mobile code. In Proc. 5th Conf. on Computer & Communications Security, May 1998.

....hosts had access to. If sensitive information was disclosed at a host, worker agents had to communicate with surveillance agents. Thus, the surveillance agents also serve for auditing purposes. They can also be used for trust assessment by helping the user to maintain behavioral history of hosts [5]. 3 Conclusion The present framework allows the secure execution of agents that do not have to perform sequential computations on untrusted hosts. The major limitation of the approach is the assumption that the computations have to be independent of previous collected data if the host cannot be ....

G. Edjlali, A. Acharya, and V. Chaudhary, "History-based Access Control for Mobile Code," presented at Fifth ACM Conference on Computer and Communications Security, San Francisco, 1998.

....is by far the more difficult security problem. It is known as the malicious host problem [16] 32] Much research has been devoted to the malicious code problem, including proof carrying code [65] policy directed code safety [31] artificial playgrounds for mobile agents [81] and many others [10][26][36] The malicious host problem has not been investigated with nearly the same rigor and intensity. Despite the existence of partial solutions [74] 78] and the effort of some preliminary investigations [40] 41] the present defense techniques against malicious hosts have remained largely ad hoc ....

G. Edjlali, A. Acharya, V. Chaudhary, "History Based Access Control for Mobile Code", in: Jan Vitek; Christian Jensen (Eds.): Secure Internet Programming, LNCS 1603, Springer-Verlag, pp. 413-432, 1999.

.... of Java may be attractive, but a large number of security flaws have been discovered in Java since its release [10, 24] Significant strides have been made at understanding the type system [1, 27, 11, 12, 8, 9] and protecting the Java system classes from being manipulated into violating security [30, 31, 18, 13, 14], but efforts to control resource exhaustion have lagged behind. A simple infinite loop will still freeze the latest Web browsers. The most successful systems to date either run the JVMs in separate processes or machines [23, 26] surrendering any performance benefits from running the JVM together ....

G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS '98), pages 38--48, San Francisco, California, Nov. 1998. ACM Press.

....are allowed to do so. A closer look on security reveals various threats in different areas. Many of them have been identified [3, 10, 27] For some of them possible solutions have been presented. For some of them there are ideas how they might be solved (e.g. authentication [1] access control [4], trust [6] secure MbD [23] securing mobile agents from malicious hosts [13, 17, 21, 26] As most solutions and ideas only deal with a single problem they remain fragments. However, making mobile agent technology secure means to integrate these fragments in an architecture. Moreover, in order ....

G. Edjlali, A. Acharya, and V. Chaudhary. History-based access control for mobile code. In Proc. of the 5th ACM Conf. on Computer and Communications Security. ACM, 1998.

No context found.

G. Edjlali, A. Acharya, and V. Chaudhary. Historybased access control for mobile code. Technical report, University of California, Santa Barbara, 1997.

No context found.

G. Edjlali, A. Acharya, and V. Chaudhary. History-based Access Control for Mobile Code. In ACM Conference on Computer and Communication Security, 1998.

No context found.

Edjlali, G., Acharya, A. & Chaudhary, V. History-based Access Control for Mobile Code. Proc. ACM Computer and Communications Security 1998, 38-48.

No context found.

G. Edjlali, A. Acharya, and V. Chaudhary, "History-Based Access Control for Mobile Code," Proc. Fifth ACM Conf. Computer and Comm. Security, pp. 38-48, Nov. 1998.

No context found.

EDJLALI,G.,ACHARYA, A., AND CHAUDHARY,V. 1998. History-based access control for mobile code. In Proceedings of the Fifth ACM Conference on Computer and Communications Security (CCS).

No context found.

G. Edjlali, A. Anurag, and C. Vipin. History-based access-control for mobile code. In Proceedings of CCS'98.

No context found.

Guy Edjlali, Anurag Acharya, and Vipin Chaudhary. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security, pages 38--48, San Francisco, California, USA, November 1998.

No context found.

Guy Edjladi, Anurag Acharya, and Vipin Chaudhary. History-based access control for mobile code. In Proceedings of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, USA, 1998.

No context found.

G. Edjlali, A. Acharya, and V. Chaudhary. History-based Access Control for Mobile Code. In Proc. of the Fifth ACM Conference on Computer and Communications Security (CCS), November 1998.

No context found.

G. Edjlali, A. Acharya and V. Chaudhary, History-based access control for mobile code, in: Proc. of the 5th ACM Conference on Computer and Communications Security, San Francisco, CA, November 1998, pp. 38--48.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC