Decentralized Trust Management
In Proceedings of the 1996 IEEE Symposium on Security and Privacy, 1996
Cited by 1025 (24 self)
We identify the trust management problem as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of credentials satisfy the relevant policies, and deferring trust to third parties. Existing systems that support security in networked applications, including X.509 and PGP, address only narrow subsets of the overall trust management problem and often do so in a manner that is appropriate to only one application. This paper presents a comprehensive approach to trust management, based on a simple language for specifying trusted actions and trust relationships. It also describes a prototype implementation of a new trust management system, called PolicyMaker, that will facilitate the development of security features in a wide range of network services. 1. Introduction The importance of cryptographic techniques in a wide range of network s...
Java Security: From HotJava to Netscape and Beyond
IEEE Symposium on Security and Privacy, 1996
Cited by 221 (5 self)
The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.
Towards seamless computing and metacomputing in Java
CONCURRENCY: PRACT. EXPER., VOL. 10(11–13), 1043–1061 (1998)
Cited by 136 (18 self)
Due to its platform-independent execution model, its support for networking, multithreading and mobile code, Java has given hope that easy Internet-wide high-performance network computing was at hand. Numerous attempts have then been made at providing a framework for the development of such metacomputing applications. Unfortunately, none of them addresses seamless sequential, multithreaded and distributed computing, i.e. the execution of the same application on a multiprocessor shared-memory machine as well as on a network of workstations, or on any hierarchical combination of both. In this paper we first identify four requirements for the development of such metacomputing frameworks. We then introduce Java// (pronounced Java Parallel), a 100% Java library that provides transparent remote objects as well as asynchronous two-way calls, high reuse potential and high-level synchronization mechanisms. We also present the metaobject protocol (MOP) Java// is built on and describe a distributed collaborative raytracing test application built using Java//.
A general purpose proxy filtering mechanism applied to the mobile environment
1997
Cited by 74 (0 self)
In recent years, proxies have become more prevalent. Generally, these systems are used to process data flowing between two end-points using an intermediary. More specifically, they can be used to filter or process traffic flowing to and from a network-limited host. Benefits include more efficient use of network resources, reduced cost, and increased security. In this paper, we describe the design and capabilities of such a system, how it has been applied to the mobile environment, and provide an evaluation of the work.
Integrating segmentation and paging protection for safe, efficient and transparent software extensions
1999
Cited by 73 (4 self)
The trend towards extensible software architectures and component-based software development demands safe, efficient, and easy-to-use extension mechanisms to enforce protection boundaries among software modules residing in the same address space. This paper describes the design, implementation, and evaluation of a novel intra-address space protection mechanism called Palladium, which exploits the segmentation and paging hardware in the Intel X86 architecture and efficiently supports safe kernel-level and user-level extensions in a way that is largely transparent to programmers and existing programming tools. Based on the considerations on ease of extension programming and systems implementation complexity, Palladium uses different approaches to support user-level and kernel-level extension mechanisms. To demonstrate the effectiveness of the Palladium architecture, we built a Web server that exploits the user-level extension mechanism to invoke CGI scripts as local function calls in a safe way, and we constructed a compiled network packet filter that exploits the kernel-level extension mechanism to run packet-filtering binaries safely inside the kernel at native speed. The current Palladium prototype implementation demonstrates that a protected procedure call and return costs 142 CPU cycles on a Pentium 200MHz machine running Linux.
Language Support for Mobile Agents
1995
Cited by 73 (2 self)
Mobile agents are code-containing objects that may be transmitted between communicating participants in a distributed system. As opposed to systems that only allow the exchange of nonexecutable data, systems incorporating mobile agents can achieve significant gains in performance and functionality. A programming language for mobile agents must be able to express their construction, transmission, receipt, and subsequent execution. Its implementation must handle architectural heterogeneity between communicating machines and provide sufficient performance for applications based on agents. In addition to these essential properties, an agent language may support desirable properties such as high-level abstractions for code manipulation and the ability to access resources on remote execution sites. We designed and implemented an agent programming language that satisfies the essential properties and a number of desirable ones. A key feature of our language is the use of strong static typing ...
A Logic-based Knowledge Representation for Authorization with Delegation
1999
Cited by 69 (7 self)
We introduce Delegation Logic (DL), a logic-based knowledge representation (i.e., language) that deals with authorization in large-scale, open, distributed systems. Of central importance in any system for deciding whether requests should be authorized in such a system are delegation of authority, negation of authority, and conflicts between authorities. DL's approach to these issues and to the interplay among them borrows from previous work on delegation and trust management in the computer-security literature and previous work on negation and conflict handling in the logic-programming and non-monotonic reasoning literature, but it departs from previous work in some crucial ways. In this introductory paper, we present the syntax and semantics of DL and explain our novel design choices. This first paper focuses on delegation, including explicit treatment of delegation depth and delegation to complex principals; a forthcoming companion paper focuses on negation. Compared to previous lo...
System Support for Online Reconfiguration
In Proc. USENIX Annual Technical Conference, 2003
Cited by 68 (9 self)
Permission is granted for noncommercial reproduction of the work for educational or research purposes.
Portable Checkpointing for Heterogeneous Architectures.
Paper presented at the 27th International Symposium on Fault-Tolerant Computing, 1997
A Practically Implementable and Tractable Delegation Logic
2000
Cited by 57 (8 self)
We address the goal of making Delegation Logic (DL) into a practically implementable and tractable trust-management system. DL [22] is a logic-based knowledge representation (i.e., language) for authorization in large-scale, open, distributed systems. As introduced in [22], DL inferencing is computationally intractable and highly impractical to implement. We introduce a new version of Delegation Logic that remedies these difficulties. To achieve this, we impose a syntactic restriction and redefine the semantics somewhat. We show that, for this revised version of DL, inferencing is computationally tractable under the same commonly met restrictions for which Ordinary Logic Programs (OLP) inferencing is tractable (e.g., Datalog and bounded number of logical variables per rule). We give an implementation architecture for this version of DL; it uses a delegation compiler from DL to OLP and can modularly exploit a variety of existing OLP inference engines. As proof of concept, we have impleme...