Extensible Security Architectures for Java.
25a72c5f0c88af4942f78a621bbd75803c94f3c64126ef142fa2dbbce00043d9
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<!-- This document is automatically generated. Instead, edit
pub/sosp97.xhtml and type "make". -->
<html> <head>
<title>Secure Internet Programming: Extensible Security Architectures for Java</title>
</head>
<body bgcolor="#fee7c8" VLINK="#731105" LINK="#b45216" TEXT="#TEXT#">
<font face="helvetica,geneva,arial">
<table width="100%" cellpadding=0 cellspacing=0 border=0>
<tr><td rowspan=2 bgcolor="#ffffff" valign=top align=left>
<table cellpadding=5 border=0>
<tr><td colspan=2 align=center>
<a href="/sip/"><img border=0 src="/sip/images/sip-logo-small.gif" width=100 height=41 alt="Secure Internet Programming"></a>
</td></tr>
<tr><td>
<img src="/sip/images/orange.gif" WIDTH=14 HEIGHT=14 ALT="*">
</td><td><a href="/sip/History.html">History</a></td></tr>
<tr><td>
<img src="/sip/images/orange.gif" WIDTH=14 HEIGHT=14 ALT="*">
</td><td><a href="/sip/People.html">People</a></td></tr>
<tr><td>
<img src="/sip/images/orange.gif" WIDTH=14 HEIGHT=14 ALT="*">
</td><td><a href="/sip/Partners.html">Partners</a></td></tr>
<tr><td>
<img src="/sip/images/orange.gif" WIDTH=14 HEIGHT=14 ALT="*">
</td><td><a href="/sip/Research.html">Research</a></td></tr>
<tr><td>
<img src="/sip/images/orange.gif" WIDTH=14 HEIGHT=14 ALT="*">
</td><td><a href="/sip/Publications.html">Publications</a></td></tr>
<tr><td>
<img src="/sip/images/orange.gif" WIDTH=14 HEIGHT=14 ALT="*">
</td><td><a href="/sip/java-faq.html">FAQ</a></td></tr>
<tr><td>
<img src="/sip/images/orange.gif" WIDTH=14 HEIGHT=14 ALT="*">
</td><td><a href="/sip/Links.html">Links</a></td></tr>
</table>
</td>
<td valign=bottom align=center bgcolor="#ffffff" width="100%">
<font size="+3"><b>Extensible Security Architectures for Java</b></font>
</td></tr>
<tr><td valign=top align=left>
<table width="100%" border=0 cellspacing=8>
<tr><td>
<img src="/sip/images/blank.gif" width=1 height=300 alt="">
</td>
<td valign=top align=left>
<dl>
<p>
<dt><font size="+1">Authors</font>
<dd><a href="http://www.cs.princeton.edu/~dwallach">Dan S. Wallach</a>
<dd><a href="http://www.cs.princeton.edu/~balfanz">Dirk Balfanz</a>
<dd><a href="http://www.cs.princeton.edu/~ddean">Drew Dean</a>
<dd><a href="http://www.cs.princeton.edu/~felten">Edward W. Felten</a>
<p>
<dt><font size="+1">Abstract</font>
<dd>
Mobile code technologies such as Java, JavaScript, and ActiveX
generally limit all programs to a single restrictive security policy.
However, software-based protection can allow for more extensible
security models, with potentially significant performance improvements
over traditional hardware-based solutions. An extensible security
system should be able to protect subsystems and implement policies
that are created after the initial system is shipped. We describe and
analyze three implementation strategies for interposing such security
policies in software-based security systems. Implementations exist
for all three strategies: several vendors have adapted capabilities to
Java, Netscape and Microsoft have extensions to Java's stack
introspection, and we built a name space management system as an
add-on to Microsoft Internet Explorer. Theoretically, all these
systems are equivalently secure, but many practical issues and
implementation details favor some aspects of each system.
<p>
<dt><font size="+1">Published</font>
<dd><i>16th Symposium on Operating Systems Principles</i> (Saint-Malo, France), October 1997.
<p>
<dt><font size="+1">Text</font>
<dd><a href="sosp97.ps.gz">GZip'ed Postscript</a> (78k)
<br><a href="sosp97.pdf">PDF (Adobe Acrobat)</a> (142k)
<br><a href="sosp97/">HTML 3.2</a> (<a href="http://www-dsed.llnl.gov/files/programs/unix/latex2html/manual/">L<SUP><SMALL>A</SMALL></SUP>T<SMALL>E</SMALL>X2HTML</a> conversion)
<p>
<dt><font size="+1">See Also</font>
<dd>Netscape's <a href="http://developer.netscape.com/library/documentation/signedobj/">signed object documentation</a>
<dd><a href="http://ncstrl.cs.princeton.edu/Dienst/UI/2.0/Describe/ncstrl.princeton%2fTR-546-97">Extensible Security Architectures for Java</a>. Dan S. Wallach, Dirk Balfanz, Drew Dean, and Edward W. Felten, Technical Report 546-97, Department of Computer Science, Princeton University, April 1997.
</dl>
</td></tr></table>
<table width="100%" border=0 cellspacing=8>
<tr><td>
<hr>
<center>
<a href="http://www.princeton.edu/">Princeton University</a>
<br>
<a href="http://www.cs.princeton.edu/">Department of Computer Science</a>
<br>
Contact: <a href="mailto:sip@cs.princeton.edu"><i>sip@cs.princeton.edu</i></a>
</center>
</td></tr></table>
</td></tr></table>
</font>
</body> </html>