Toggle Main Menu Toggle Search

Open Access padlockePrints

Using reflection as a mechanism for enforcing security policies in mobile code

Lookup NU author(s): Ian Welch, Dr Robert Stroud



Several authors have proposed using code modification as a technique for enforcing security policies such as resource limits, access controls, and network information flows. However, these approaches are typically ad hoe and are implemented without a high level abstract framework for code modification. We propose using reflection as a mechanism for implementing code modifications within an abstract framework based on the semantics of the underlying programming language. We have developed a reflective version of Java called Kava that uses byte-code rewriting techniques to insert pre-defined hooks into Java class files at load time. This makes it possible to specify and implement security policies for mobile code in a more abstract and flexible way. Our mechanism could be used as a more principled way of enforcing some of the existing security policies described in the literature. The advantages of our approach over related work (SASI, JRes, etc.) are that we can guarantee that our security mechanisms cannot be bypassed, a property we call strong non-bypassability, and that our approach provides the high level abstractions needed to build useful security policies.

Publication metadata

Author(s): Welch I, Stroud RJ

Editor(s): Cuppens, F; Deswarte, Y; Gollmann, D; Waidner, M

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Computer Security - ESORICS 2000: 6th European Symposium on Research in Computer Science

Year of Conference: 2000

Pages: 309-323

ISSN: 3540410317

Publisher: Springer-Verlag


DOI: 10.1007/10722599_19

Library holdings: Search Newcastle University Library for this item

Series Title: Lecture notes in computer science - 1895