Access Control in Runtime System - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Access Control in Runtime System

Description:

Two directions of information flow: system resources and user privacy. ... Privilege depends not only the creator of code, but also user, deployor, ... – PowerPoint PPT presentation

Number of Views:44
Avg rating:3.0/5.0
Slides: 12
Provided by: LEX1
Category:

less

Transcript and Presenter's Notes

Title: Access Control in Runtime System


1
Access Control in Runtime System
  • Xinwen Zhang
  • Lab for Information Security Technology(LIST)
  • George Mason University

2
Access Control
  • General security requirements
  • Authentication
  • Authorization
  • Confidentiality
  • Integrity
  • Availability
  • AC solves the problem of Authorization
  • Who can (cannot) do what
  • subject permission object

3
Runtime Environment
  • Original source code compiled to byte code Java
    Bytecode, Microsoft Intermediate Language (MSIL),
    etc.
  • Remotely running of these byte code needs support
    of runtime virtual machine
  • Advantages
  • Highly flexible software development deployment
  • Highly distributed computing
  • New business model
  • CLR (.Net) and JRE (Java) are two mainstream
    runtime system currently

4
Runtime Security
  • Same security problem as mobile code, executable
    content, component software, etc
  • New security risks and requirements in runtime
    environment
  • Two directions of information flow system
    resources and user privacy.
  • Consistence of security policy between local host
    system, runtime configure, and code
    creator/deployer.
  • Privilege depends not only the creator of code,
    but also user, deployor, supplier, administrator,
    etc. Standalone system security cannot satisfy
    anymore.
  • Malicious code is everywhere
  • Trojan horse program
  • Virus

5
Access Control in Runtime
  • Who? (subjects)
  • Code owner, developer, deployer
  • Multi-level users
  • Security administrator
  • Mobile agents
  • What? (objects)
  • All kinds of resources in local host
  • Files, directories, I/O, network ports, services,
    registry items, DB, etc)
  • Sensitive information presented by mobile code
    (input and output)
  • Access control enforce the security policies
  • Platform security policies
  • Business logic policies

6
Related Work
  • JDK1.0, 1.1, 1.2 security models
  • Code-identity based access control
  • URL, developer, signature, etc.
  • Main references
  • Li Gong, New Security Architecture Directions for
    Java, In Proc. of IEEE COMPCON, 1997
  • T.Lindholm, and F.Yellin, The Java Virtual
    Machine Specification, Addison-Wesley, New York
  • Li Gong, Inside Java 2 Platform Security
    Architecture, API Design, and Implementation. Sun
    Microsystems Press, Santa Clara, California
  • Java Authentication and Authorization
    Service(JAAS)
  • user-identity based access control
  • Local user, role, group, etc
  • Main references
  • Charlie Lai, Gong Li, Larry Koved, Anthony
    Nadalin, Roland Schemers, User Authentication and
    Authorization in the Java Platform, ACSAC, 1999

7
Related Work(cont)
  • .NET Runtime Security
  • Code evidence sources, URL, creator, etc.
  • User authentication and authorization Windows
    platform enforced
  • .NET runtime architecture strongly depends on
    lost host platform
  • References
  • B.A.Lamacchia, S.Lange, M.Lyons, R.Martin and
    K.T.Price, .Net Framework Security,
    Addison-wesley, 2002
  • Selim Aissi, Runtime Environment Security Models,
    Intel Technology Journal, Feb, 2003

8
Related Work(cont)
  • G.Karjoth et al, An Operational Semantics of Java
    2 Access Control, IEEE CSFW, 2000
  • A.Corradi et al, A Flexible Access Control
    Service for Java Mobile Code
  • 1. M.Hauswirth et al, A Secure Execution
    Framework for Java, CCS00
  • M.Schaefer, S.Pinskey, D.Dean, L.Gong, J.Roskind,
    B.Fox, Ensuring Assurance in Mobile Computing,
    Oakland, 1997
  • M.Abadi, C.Fournet, Access Control based on
    Execution History, NDSS 2003
  • Vijay Varadharajan, Security Enhanced Mobile
    Agents, CCS 2000
  • L.Gong, M.Mueller, H.Prafullchandra, R.Schemers,
    Going Beyong the Sandbox An Overview of the New
    Security Architecture in the JDK1.2, USENIX, 1997
  • Trent Jaeger, A.parakash, J.Liedtke, N.Islam,
    Flexible Control of Downloaded Executable
    Content, TISSEC Vol. 2, No. 2, May 1999

9
Related Work(cont)
  • Summary
  • Real architecture and implementation mechanism
    for runtime environment security
  • Formal model
  • Some extensions based on current models
  • Significance of the works
  • the popularity of Java and .Net mobile code in
    IT, even not so secure
  • Problems
  • Application developer must be security expert
  • Scalability in enterprise and Internet computing
  • Flexible and configurable

10
Motivations
  • Configurable access control policy
  • Only security administrator is expert
  • A uniform access control model and mechanism
  • Supporting MAC, DAC, RBAC, DRM, etc main access
    control models
  • Abstraction of general runtime systems
  • Not only Java and .Net, but some other small
    runtime systems in industry (Intel MRTE, mobile
    devices, etc)

11
Statement
  • Try to develop a common authorization layer
    between various abstract access control models
    and current concrete runtime security models, as
    well uniform architecture and implementation
    mechanism in mobile computing environment.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Access Control in Runtime System" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!