
Implementation of Verifying the Security Related Behavior Model Based on the Java Platform (cited by: 2)
Abstract: Safe execution of untrusted mobile code is one of the key problems in mobile code security. Model-carrying code (MCC) provides a systematic, complete and effective solution to the problem from the viewpoints of both the producer and the consumer of mobile code. MCC mainly includes the specification of security policies, the generation and verification of the security-related behavior model, and the enforcement of security policies. The Java 2 platform is widely used currently. Through the analysis of its access-control-based security architecture, an approach to adding new security policies and the implementation of security-related model verification is presented through modifying and extending the Java 2 kernel classes. The approach can improve Java 2 in supporting security policies, and provides a feasible way to guarantee a more complete security mechanism by implementing MCC based on the Java 2 platform.
Source: Computer Engineering & Science (《计算机工程与科学》), CSCD, 2007, No. 10, pp. 7-10 (4 pages)
Funding: National Natural Science Foundation of China (grant 60603031)
Keywords: model carrying code; Java security mechanism; security related behavior model; formal verification
