Providing fine-grained access control for Java programs via binary editing

作     者：Pandey, R Hashii, B 

作者机构：Univ Calif Davis Dept Comp Sci Parallel & Distributed Comp Lab Davis CA 95616 USA 

出 版 物：《CONCURRENCY-PRACTICE AND EXPERIENCE》 (并行学和计算：实践与经验)

年 卷 期：2000年第12卷第14期

页      面：1405-1430页

核心收录：

学科分类：08[工学] 0835[工学-软件工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：security policy mobile code access control Java object orientation binary editing 

摘      要：There is considerable interest in programs that can migrate from one host to another and execute, Mobile programs are appealing because they support efficient utilization of network resources and extensibility of information servers. However, since they cross administrative domains, they have the ability to access and possibly misuse a host s protected resources. In this paper, we present a novel approach for controlling and protecting a site s resources. In this approach, a site uses a declarative policy language to specify a set of constraints on accesses to resources, A set of code transformation tools enforces these constraints on mobile programs by integrating the access constraint checking code directly into the mobile program and resource definitions, Using this approach, a site does not need to explicitly include calls to reference monitors in order to protect resources. The performance analysis show that the approach performs better than reference monitor-based approaches in many cases. Copyright (C) 2000 John Wiley & Sons, Ltd.