Security Enhanced Java']Java: Mandatory Access Control for the Java']Java Virtual Machine

被引:0
|
作者
Venelle, Benjamin [1 ]
Briffaut, Jeremy [2 ]
Clevy, Laurent [1 ]
Toinard, Christian [2 ]
机构
[1] Alcatel Lucent Bell Labs, F-91620 Nozay, France
[2] ENSI LIFO, F-18020 Bourges, France
关键词
Mandatory Access Control; !text type='Java']Java[!/text] Virtual Machine; Security Context; Information Flow;
D O I
暂无
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Since 70's, and despite its operational complexity, Mandatory Access Control (MAC) has demonstrated its reliability to enforce integrity and confidentiality. Surprisingly, the Java technology, despite its popularity, has not yet adopted this protection principle. Current security features within the JVM (JAAS and bytecode verifier) can be bypassed, as demonstrated by summer 2012 attacks. Thus, a MAC model for Java and a cross platform reference monitor are required for the Java Virtual Machine. Security Enhanced Java (SEJava) enables to control dynamically the information flows between all the Java objects requiring neither bytecode nor source code instrumentations. The main idea is to consider Java types as security contexts, and method calls / field accesses as permissions. SEJava allows fine-grain MAC rules between the Java objects. Thus, SEJava controls all the information flows within the JVM. Our implementation is faster than concurrent approaches while allowing both finer and more advanced controls. A use case shows the efficiency to protect against Common Vulnerability and Exposures in an efficient manner.
引用
收藏
页数:7
相关论文
共 50 条