By Topic

Embedding Rule-Based Security Monitors into Java Programs

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Tomi Karlstedt ; Dept. of Inf. Technol., Univ. of Turku, Turku ; Ville Leppänen ; Sanna Tuohimaa

In this paper we study securing mobile code execution by embedding a rule-based security monitor into the mobile code before execution on a platform. A security monitor guards how the mobile code uses resources of the execution platform. We consider that this run-time monitoring approach is more practical than providing a proof of security properties along with the mobile code. Writing execution context related rule-based security policies enables us to be flexible with respect to the restrictions we wish to impose on the mobile code. In our opinion, establishing an authority for certifying the safety of mobile code is too inflexible, since depending on the situation the user might temporarily want to tighten the restrictions. We describe our language for expressing rule-based security policies and show how those policies can be translated into aspects, which together form a run-time security monitor. In practice, we translate our policy expression to AspectJ with our MPLc compiler and only consider embedding a run-time monitor into Java applications.

Published in:

2008 32nd Annual IEEE International Computer Software and Applications Conference

Date of Conference:

July 28 2008-Aug. 1 2008